[sudo-users] sudoers in LDAP

Eric G Ortego eric at opelousas.org
Fri Oct 28 11:09:43 EDT 2005


Matthew Stier wrote:

> try 'getent shadow | grep eric | od -c' and ensure the entries are
> identical, down to the non-printable characters.


They still appear identical. Single trailing \n

>
> Eric G Ortego wrote:
>
>>I have imported all my sudoers configs into LDAP and most everything
>>seems to be working the way I expected.
>>But shadow somehow is screwing it up...
>># getent shadow | grep eric
>>eric:x:12865::99999:7:::0
>>eric:x:12865::99999:7:::0
>>
>>one from ldap one from /etc/shadow
>>
>>nsswitch.conf
>>shadow: files ldap
>>
>>sudo -s (with debug 1 in ldap.conf.sudo) shows me
>>
>>ldap_initialize(ld,ldap://ldap.example.com)
>>ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
>>ldap_start_tls_s() ok
>>ldap_bind() ok
>>found:cn=defaults,ou=sudoers,dc=example,dc=com
>>
>>However by simply removing the (identical?!) entry in /etc/shadow I end
>>up getting this error.
>>
>>sudo -s
>>
>>ldap_initialize(ld,ldap://ldap.example.com)
>>ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
>>ldap_start_tls_s(): -11: Connect error
>>
>>somehow the entry returned from ldap isn't valid, because if I change
>>the order in nsswitch.conf to shadow: ldap files then I always get
>>ldap_start_tls_s(): -11: Connect error when trying to use sudo
>>
>>Any ideas, suggestions, flames?
>>Cheers,
>>Eric G Ortego.
>>
>
>-- 
>Matthew Lee Stier                 *  Fujitsu Network Communications
>Unix Systems Administrator        |  Two Blue Hill Plaza
>Ph: 845-731-2097 Fx: 845-731-2011 |  Sixth Floor
>Matthew.Stier at us.fujitsu.com    *  Pearl River, NY 10965
>  
>
