[sudo-users] odd problems with ldap + ssl

Jeff jrc001 at cityxpress.com
Tue Nov 22 16:55:52 EST 2005

I've been trying to get an integrated LDAP, Pam, Sudo configure
setup on some systems. Every thing works fine except with sudo
when I use an SSL connect to the LDAP server.

My configuration:

LDAP Server:
- Fedora Core 4
- host = barium
- OpenLDAP
- Selfsigned Cert

- Fedora Core 4
- host = test14

URI ldaps://barium
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
ldap_version 3
sudoers_base   ou=SUDOers,dc=example,dc=com

/etc/ldap.conf is a symbolic link to /etc/openldap/ldap.conf

- I'm using sudo-1.6.8p12
- ./configure --with-ldap --with-pam

auth        sufficient    /lib/security/$ISA/pam_ldap.so
auth        required      /lib/security/$ISA/pam_deny.so
account     [default=bad success=ok user_unknown=ignore]
password    sufficient    /lib/security/$ISA/pam_ldap.so
password    required      /lib/security/$ISA/pam_deny.so
session     optional      /lib/security/$ISA/pam_ldap.so

- With the above configuration if I log on with an LDAP account
and issue an sudo command I get the following response:

login as: test202
test202 at test14's password:
Last login: Tue Nov 22 13:44:30 2005 from 10.1.0.
[test202 at test14 ~]$ sudo ls
ldap_simple_bind_s()=-1 : Can't contact LDAP server
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
[test202 at test14 ~]$

Any comments would be appreciated.


More information about the sudo-users mailing list