[sudo-users] odd problems with ldap + ssl
Jeff
jrc001 at cityxpress.com
Tue Nov 22 16:55:52 EST 2005
I've been trying to get an integrated LDAP, PAM and sudo configuration
set up on some systems. Everything works fine except with sudo
when I use an SSL connection to the LDAP server.
My configuration:
LDAP Server:
- Fedora Core 4
- host = barium
- OpenLDAP
- Selfsigned Cert
Client:
- Fedora Core 4
- host = test14
/etc/openldap/ldap.conf
-----------------------------------
URI ldaps://barium
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
ldap_version 3
sudoers_base ou=SUDOers,dc=example,dc=com
-----------------------------------
/etc/ldap.conf is a symbolic link to /etc/openldap/ldap.conf
- I'm using sudo-1.6.8p12
- ./configure --with-ldap --with-pam
/etc/pam.d/sudo
-----------------------------------
auth sufficient /lib/security/$ISA/pam_ldap.so
auth required /lib/security/$ISA/pam_deny.so
account [default=bad success=ok user_unknown=ignore] /lib/security/$ISA/pam_ldap.so
password sufficient /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_deny.so
session optional /lib/security/$ISA/pam_ldap.so
-----------------------------------
- With the above configuration, if I log on with an LDAP account
and issue a sudo command I get the following response:
login as: test202
test202 at test14's password:
Last login: Tue Nov 22 13:44:30 2005 from 10.1.0.
[test202 at test14 ~]$ sudo ls
ldap_simple_bind_s()=-1 : Can't contact LDAP server
Password:
Sorry, try again.
Password:
Sorry, try again.
Password:
Sorry, try again.
sudo: 3 incorrect password attempts
[test202 at test14 ~]$
Any comments would be appreciated.
Thanks.
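An added example, not code from the poster or from the sudo project: a small audit of the ldap.conf quoted above. The security-relevant point a reviewer would raise about that file is "TLS_REQCERT allow", which per ldap.conf(5) makes the client accept a missing or bad server certificate and carry on, so the ldaps:// connection encrypts the bind but does not authenticate the server. The script parses ldap.conf syntax (keyword, whitespace, value, "#" comments, case-insensitive keywords) and reports the TLS posture; the two embedded configurations are constructed samples, the first modelled on the post, the second the hardened form.

```python
"""Audit an OpenLDAP client ldap.conf for weak TLS settings (added example)."""
from typing import Dict, List

# Constructed sample modelled on the ldap.conf quoted in the post; not a real file.
SAMPLE_LDAP_CONF = """\
# OpenLDAP client configuration (constructed sample)
URI ldaps://barium
BASE dc=example,dc=com
TLS_CACERTDIR /etc/openldap/cacerts
TLS_REQCERT allow
ldap_version 3
sudoers_base ou=SUDOers,dc=example,dc=com
"""

# Constructed hardened variant: the CA that signed the self-signed server
# certificate is pinned and a bad or missing certificate aborts the session.
HARDENED_LDAP_CONF = """\
URI ldaps://barium
BASE dc=example,dc=com
TLS_CACERT /etc/openldap/cacerts/barium-ca.pem
TLS_REQCERT demand
ldap_version 3
sudoers_base ou=SUDOers,dc=example,dc=com
"""

# Meaning of each TLS_REQCERT level, summarised from ldap.conf(5).
REQCERT_NOTES = {
    "never": "no certificate is requested, the server is never authenticated",
    "allow": "a missing or bad server certificate is ignored and the session proceeds",
    "try": "a missing certificate is accepted; only a bad one aborts the session",
}


def parse_ldap_conf(text: str) -> Dict[str, List[str]]:
    """Parse ldap.conf lines into {keyword: [values]} in order of appearance.

    Keywords are case-insensitive; blank lines and '#' comments are skipped.
    A keyword may repeat (e.g. several URI lines), so values are kept in a list.
    """
    conf: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).append(value)
    return conf


def assess_tls(conf: Dict[str, List[str]]) -> List[str]:
    """Return a list of findings about transport security; empty means no concern."""
    findings: List[str] = []

    # A URI line may carry several space-separated URIs.
    uris = [u for value in conf.get("uri", []) for u in value.split()]
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldap":
            findings.append(f"plaintext URI {uri}: simple binds send the password "
                            "in the clear unless STARTTLS is negotiated")
        elif scheme not in ("ldaps", "ldapi"):
            findings.append(f"unrecognised URI scheme in {uri}")

    # ldap.conf(5) documents 'demand' as the default when the keyword is absent;
    # the last occurrence wins if it is repeated.
    reqcert = conf.get("tls_reqcert", ["demand"])[-1].lower()
    if reqcert in REQCERT_NOTES:
        findings.append(f"TLS_REQCERT {reqcert}: {REQCERT_NOTES[reqcert]}")

    # Without a trust anchor the client has nothing to validate the chain against.
    if not conf.get("tls_cacert") and not conf.get("tls_cacertdir"):
        findings.append("no TLS_CACERT or TLS_CACERTDIR: the server certificate "
                        "cannot be validated against any trusted CA")
    return findings


def audit(text: str) -> List[str]:
    """Parse and assess a ldap.conf body in one call."""
    return assess_tls(parse_ldap_conf(text))


if __name__ == "__main__":
    for label, body in (("as posted", SAMPLE_LDAP_CONF), ("hardened", HARDENED_LDAP_CONF)):
        print(f"== {label} ==")
        for finding in audit(body) or ["no TLS findings"]:
            print(" -", finding)
```

With the posted file the audit reports only the TLS_REQCERT level; with the hardened file it reports nothing. Note that the audit only reads the configuration: whether the CA directory actually contains a usable copy of the self-signed certificate (and, for an OpenSSL-linked client, the hashed file names TLS_CACERTDIR expects) still has to be checked on the host.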