[sudo-users] uri Vs host in /etc/ldapo.conf

Wade Klaver wadeklaver at itiva.com
Thu Dec 6 15:14:28 EST 2007

Hello folks,
  I had a hell of a time getting sudo to check ldap until I added a
"host" line to ldap.conf.  With just the uri line, it only attempts to
connect to localhost.  If I add a host line, it connects to the server
listed there.  However, the example in the sudo LDAP readme says
either/or.  Below is the ldap.conf and a debugging log.  In the example
below, if I add the line "host skywarp.itivalabs.net", things start

System Specifics:
CentOS 5.0

uri ldap://skywarp.itivalabs.net
base dc=itivalabs,dc=net
ssl start_tls
tls_cacertdir /etc/openldap/cacerts
binddn cn=Reader,dc=itivalabs,dc=net
bindpw testpass
pam_password md5
sudoers_base ou=sudoers,dc=itivalabs,dc=net
sudoers_debug 2

LDAP Config Summary
host         localhost
port         389
ldap_version 3
sudoers_base ou=sudoers,dc=itivalabs,dc=net
binddn       cn=Reader,dc=itivalabs,dc=net
bindpw       testpass
bind_timelimit  -1
timelimit    -1
ldap_set_option(LDAP_OPT_X_TLS_CACERTDIR, "/etc/openldap/cacerts")
sudo: ldap_init(localhost,389)
ldap_set_option(LDAP_OPT_PROTOCOL_VERSION, 3)
ldap_simple_bind_s()=-1 : Can't contact LDAP server
wade is not in the sudoers file.  This incident will be reported.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: </pipermail/sudo-users/attachments/20071206/6cd7a645/attachment.bin>

More information about the sudo-users mailing list