[sudo-users] Sudo 1.6.8 with TLS on Solaris 9 to Sun One Directory 5.2

Macleod, Paul paul.macleod at eds.com
Tue May 31 07:13:48 EDT 2005


I've been able to download and build Sudo 1.6.8p8 to run on Solaris 9 and communicate with Sun One Directory 5.2 in clear over 389.

However, configure fails to find the "ldap_initialize" and "ldap_start_tls_s" prototypes and so doesn't provide secure connections to the directory.

Are those two prototypes considered as something that should be available as part of some revision of ldap?

In the absence of the Sun OS or ability to find a Sun LDAP SDK that provided those prototypes, I've downloaded OpenLDAP and built that.  However, for all it configures and compiles Sudo, upon execution I'm presented with an error, pasted below.

The directory does have a self generated CA and certificate installed, and user authentications / host name resolution with internal solaris mechanisms are able to communicate with the directory securely over port 636.  On those remote machines, the provision of the key3.db and cert7.db files has been made.  Output seen:

>	LDAP Config Summary
>	===================
>	host         IP
>	port         389
>	ldap_version 3
>	sudoers_base ou=SUDOers,ou=Identity,dc=com
>	binddn       (anonymous)
>	bindpw       (anonymous)
>	ssl          start_tls
>	===================
>	ldap_set_option(LDAP_OPT_X_TLS_CERTFILE,"/var/ldap/cert7.db")
>	ldap_set_option(LDAP_OPT_X_TLS_KEYFILE,"/var/ldap/key3.db")
>	ldap_init(IP,389)
>	ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
>	ldap_start_tls_s(): -11: Connect error

Has anyone got any advise on how to progress this forward please?

Is anyone in a position to say that Sudo, with Sun LDAPs and Directory 5.2 is viable with TLS, and I'm missing something - or - Sudo, with open LDAPs isn't viable with Directory 5.2 owing to maybe an interface / standards discrepancy?



More information about the sudo-users mailing list