[sudo-users] uri Vs host in /etc/ldap.conf
Wade Klaver
wadeklaver at itiva.com
Thu Dec 6 15:14:28 EST 2007
Hello folks,
I had a hell of a time getting sudo to check ldap until I added a
"host" line to ldap.conf. With just the uri line, it only attempts to
connect to localhost. If I add a host line, it connects to the server
listed there. However, the example in the sudo LDAP readme says
either/or. Below is the ldap.conf and a debugging log. In the example
below, if I add the line "host skywarp.itivalabs.net", things start
working.
System Specifics:
CentOS 5.0
sudo-1.6.9p9
openldap-2.3.27-8
Conf:
------------
uri ldap://skywarp.itivalabs.net
base dc=itivalabs,dc=net
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
binddn cn=Reader,dc=itivalabs,dc=net
bindpw testpass
pam_password md5
sudoers_base ou=sudoers,dc=itivalabs,dc=net
sudoers_debug 2
Run:
------------
LDAP Config Summary
===================
host localhost
port 389
ldap_version 3
sudoers_base ou=sudoers,dc=itivalabs,dc=net
binddn cn=Reader,dc=itivalabs,dc=net
bindpw testpass
bind_timelimit -1
timelimit -1
===================
ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR, "/etc/openldap/cacerts")
sudo: ldap_init(localhost,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION, 3)
ldap_simple_bind_s()=-1 : Can't contact LDAP server
Password:
wade is not in the sudoers file. This incident will be reported.
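The symptom in the message (a "uri" line in ldap.conf, yet sudo's debug summary reports "host localhost") can be caught mechanically by comparing the two. The following is an example added here, not code from the original post or from the sudo project: it parses a constructed ldap.conf modelled on the one above and a constructed copy of sudo's "LDAP Config Summary" block, works out which hosts the config intends (explicit "host" lines first, otherwise the hostnames inside each "uri"), and flags the case where sudo is about to contact a host the config never asked for. The file contents, the check() helper and its messages are all assumptions made for the example.

```python
"""Cross-check an ldap.conf against the 'LDAP Config Summary' that sudo
prints when sudoers_debug is set.  Example added here; not part of the
original post or of sudo itself.  Both inputs below are constructed to
mirror the message: the ldap.conf has only a 'uri' line and the summary
shows sudo falling back to localhost."""
from urllib.parse import urlsplit

# Constructed sample ldap.conf, modelled on the one in the post (no 'host' line).
LDAP_CONF = """\
uri ldap://skywarp.itivalabs.net
base dc=itivalabs,dc=net
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
binddn cn=Reader,dc=itivalabs,dc=net
bindpw testpass
sudoers_base ou=sudoers,dc=itivalabs,dc=net
sudoers_debug 2
"""

# Constructed sample of the summary block sudo printed in the post.
DEBUG_SUMMARY = """\
LDAP Config Summary
===================
host localhost
port 389
ldap_version 3
sudoers_base ou=sudoers,dc=itivalabs,dc=net
===================
"""


def parse_keyvals(text):
    """Parse 'key value...' lines.  Keys are case-insensitive in ldap.conf;
    repeated keys (e.g. several 'uri' lines) are accumulated in order.
    Comment lines and the '====' rules of the summary are skipped."""
    result = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("="):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()
        result.setdefault(key, []).append(value)
    return result


def expected_hosts(conf):
    """Hosts the config intends: 'host' lines win if present, otherwise the
    hostname part of every URI (several space-separated URIs per line)."""
    if "host" in conf:
        return [h for v in conf["host"] for h in v.split()]
    hosts = []
    for v in conf.get("uri", []):
        for uri in v.split():
            hosts.append(urlsplit(uri).hostname or uri)  # bare name fallback
    return hosts


def check(conf_text, summary_text):
    """Return (ok, message).  ok is False when sudo's summary names a host
    that the config did not ask for: the fallback-to-localhost symptom."""
    conf = parse_keyvals(conf_text)
    summary = parse_keyvals(summary_text)
    wanted = expected_hosts(conf)
    actual = summary.get("host", [])
    if not wanted:
        return False, "ldap.conf names no host or uri"
    if not actual:
        return False, "summary has no 'host' line; is sudoers_debug set?"
    if actual[0] not in wanted:
        return False, (f"sudo will contact {actual[0]!r} but ldap.conf asks for "
                       f"{wanted}; add an explicit 'host' line if 'uri' is ignored")
    return True, f"sudo will contact {actual[0]!r} as configured"


if __name__ == "__main__":
    ok, msg = check(LDAP_CONF, DEBUG_SUMMARY)
    print(("OK: " if ok else "MISMATCH: ") + msg)
```

Run against real files by reading /etc/ldap.conf and the summary block from a "sudo -l" session with sudoers_debug set; the comparison is on the first "host" entry only, because that is what the summary block on this page prints.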