[sudo-users] RHEL WS 3 / LDAP via ssl - start_tls_s not working?
Fred Clausen
ftc at evilgeniuses.org.uk
Fri May 20 08:31:51 EDT 2005
Hi All,
> Unfortunately sudo 1.6.8 is not included in the RedHat WS 3 (update 3).
> What I was looking for was to have a centralized sudoers file.
> Using OpenLDAP 2.0.27-17 from RedHat to compile sudo 1.6.8p8 seems to
> work well (config.log shows: define HAVE_LDAP_START_TLS_S 1 ), but when
> I try to use it in my LDAP environment:
>
> LDAP Config Summary
> ===================
> host myldapserver
> port 636
> ldap_version 3
> sudoers_base ou=Sudoers,dc=my,dc=domain,dc=com
> binddn (anonymous)
> bindpw (anonymous)
> ssl on
> ===================
> ldap_init(myldapserver,636)
> ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
> ldap_simple_bind_s()=81 : Can't contact LDAP server
It sounds like you may be having certificate issues or even something as
simple as that slapd is not listening on port 636. Check it is started
in a way similar to:
slapd -h 'ldap:// ldaps://'
Red Hat startup scripts seem to take care of this. You can also use:
netstat -tnlp
which will tell you if anything is listening on port 636. If you do not care
about certificate verification, then you can add the following to your
ldap.conf on the client machine:
tls_checkpeer no
and see if it works.
Cheers,
Fred.
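As an added diagnostic example (not part of the original thread, and not sudo's or Red Hat's own code): the config summary in the quoted post shows port 636 with `ssl on`, so the two things to establish are whether anything is actually listening on 636 and, from the client side, whether the TLS handshake and certificate check succeed. The script below separates those two failures, which the bare `ldap_simple_bind_s()=81` does not. It assumes a Linux host with `netstat` (or `ss`) and `openssl`; the server name `myldapserver` is taken from the post and should be replaced. The netstat listings embedded in the script are constructed for the offline self-check. Note that `tls_checkpeer no` turns off certificate verification entirely, so it is a way to confirm the diagnosis, not a fix to leave in place.

```shell
#!/bin/sh
# Added example for the sudo-users thread above; not from the original post.
# Assumptions: Linux client with netstat/ss and openssl; LDAP host name
# defaults to the one in the post (replace it).

LDAPHOST="${LDAPHOST:-myldapserver}"
LDAPS_PORT=636

# listening_on_port PORT
#   Reads a 'netstat -tnl' (or 'ss -tnl'-like) listing on stdin and returns
#   0 if some socket is in LISTEN state on exactly that port.
#   The local address is field 4 ("0.0.0.0:636", ":::636"); the port is the
#   text after the last colon, so 6360 does not match 636.
listening_on_port() {
    awk -v p="$1" '
        $NF == "LISTEN" {
            n = split($4, a, ":")
            if (a[n] == p) found = 1
        }
        END { exit(found ? 0 : 1) }'
}

# check_local_slapd  (run on the LDAP server itself)
check_local_slapd() {
    if netstat -tnl 2>/dev/null | listening_on_port "$LDAPS_PORT"; then
        echo "slapd is listening on $LDAPS_PORT (ldaps)"
    else
        echo "nothing listening on $LDAPS_PORT: start slapd with -h 'ldap:// ldaps://'" >&2
        return 1
    fi
}

# tls_probe HOST PORT  (run on the sudo client)
#   Does a TLS handshake with openssl s_client and classifies the outcome:
#   2 = could not connect (firewall / not listening), 1 = handshake done but
#   the server certificate did not verify (what 'tls_checkpeer no' would
#   paper over), 0 = handshake and verification both fine.
tls_probe() {
    host="$1"; port="$2"
    out=$(printf '' | openssl s_client -connect "$host:$port" -showcerts 2>&1)
    case "$out" in
        *"Connection refused"*|*"connect:errno"*)
            echo "cannot connect to $host:$port (firewall, or slapd not on ldaps://)"
            return 2 ;;
        *"Verify return code: 0 (ok)"*)
            echo "TLS handshake ok and certificate verified"
            return 0 ;;
        *"Verify return code:"*)
            echo "TLS handshake completed but certificate NOT verified:"
            printf '%s\n' "$out" | grep 'Verify return code'
            return 1 ;;
        *)
            echo "unexpected openssl output:"
            printf '%s\n' "$out" | tail -n 5
            return 3 ;;
    esac
}

# Constructed sample netstat output (not captured from any real host).
SAMPLE_WITH_LDAPS='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:636             0.0.0.0:*               LISTEN'
SAMPLE_WITHOUT_LDAPS='Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:389             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:6360          0.0.0.0:*               LISTEN'

# Usage: sh ldaps_check.sh server   (on the slapd host)
#        sh ldaps_check.sh client   (on the sudo client)
case "${1:-}" in
    server) check_local_slapd ;;
    client) tls_probe "$LDAPHOST" "$LDAPS_PORT" ;;
esac
```

Run the `server` mode on the LDAP host first; if 636 is not in LISTEN state the client-side probe cannot tell you anything more. If the server is listening and `client` mode reports a non-zero verify return code, the problem is the certificate chain (usually the CA file named by `tls_cacertfile`/`TLS_CACERT` on the client), and `tls_checkpeer no` will make the bind succeed only by skipping that check.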