[sudo-users] uri Vs host in /etc/ldapo.conf

Todd C. Miller Todd.Miller at courtesan.com
Mon Dec 10 11:33:22 EST 2007

In message <1196972068.5977.45.camel at wade-linux.itiva.com>
	so spake Wade Klaver (wadeklaver):

>   I had a hell of a time getting sudo to check ldap until I added a
> "host" line to ldap.conf.  With just the uri line, it only attempts to
> connect to localhost.  If I add a host line, it connects to the server
> listed there.  However, the example in the sudo LDAP readme says
> either/or.  Below is the ldap.conf and a debugging log.  In the example
> below, if I add the line "host skywarp.itivalabs.net", things start
> working.

Actually, 1.6.9p9 _does_ include the uri support after all.  Example
debug output:

LDAP Config Summary
uri          ldap://localhost
ldap_version 3
sudoers_base ou=SUDOers,dc=courtesan,dc=com
binddn       (anonymous)
bindpw       (anonymous)
bind_timelimit  -1
timelimit    -1
ssl          (no)

However, this will only work if your ldap libs support the
ldap_initialize() function.  Can you check your config.h file and
see if HAVE_LDAP_INITIALIZE is defined?

I just tested a Fedora 7 machine and configure finds ldap_initialize()
and does define HAVE_LDAP_INITIALIZE correctly.  It's still possible
that this is a configure-related problem.

 - todd

More information about the sudo-users mailing list