[sudo-users] 1.7.0rc1 interesting tests

Todd C. Miller Todd.Miller at courtesan.com
Mon Jun 9 10:26:32 EDT 2008


In message <484C8BC7.2030101 at mayo.edu>
	so spake Patrick Spinler (spinler.patrick):

> (2) suse 9.4 ldap sudoers failure
> 
> | pjs11 at mr-dzl01:~> /usr/local/bin/sudo -l
> | LDAP Config Summary
> | ===================
> | host             ha-unixhead2.mayo.edu ei-unixhead2.mayo.edu
> | nssmail.mayo.edu
> | port             -1
> | ldap_version     3
> | sudoers_base     ou=sudoers,dc=nss,dc=mayo,dc=edu
> | binddn           (anonymous)
> | bindpw           (anonymous)
> | ssl              start_tls
> | ===================
> | sudo: ldap_create()
> | sudo: ldap_set_option(LDAP_OPT_HOST_NAME, ha-unixhead2.mayo.edu
> | ei-unixhead2.mayo.edu nssmail.mayo.edu)
> | sudo: ldap_set_option: debug -> 0
> | sudo: ldap_set_option: ldap_version -> 3
> | sudo: ldap_start_tls_s(): Connect error
> | Sorry, user pjs11 may not run sudo on mr-dzl01.

You might try putting the following in /etc/ldap.conf

tls_checkpeer no

and see if that makes any difference.  Unfortunately, OpenLDAP
error messages are not terribly informative.

 - todd
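As an added illustration (not part of the original thread), here is the diagnostic setting Todd suggests shown beside an /etc/ldap.conf fragment that keeps server certificate verification on once the cause is confirmed; the CA file path is an assumed placeholder, and the option names are the ones sudo's LDAP support reads from ldap.conf.

```conf
# --- Fragment A: diagnostic only ---
# Temporarily skip verification of the LDAP server's certificate to
# confirm that the ldap_start_tls_s() "Connect error" is a certificate
# trust problem and not a network or port problem.
ssl            start_tls
tls_checkpeer  no

# --- Fragment B: what to run with afterwards ---
# Keep verification on and trust the CA that issued the certificates
# of the hosts listed in the LDAP Config Summary.
# /etc/ssl/certs/mayo-ca.pem is an assumed placeholder path.
ssl            start_tls
tls_checkpeer  yes
tls_cacertfile /etc/ssl/certs/mayo-ca.pem
```

Use one fragment at a time: if `sudo -l` succeeds with Fragment A but not with Fragment B, the CA file does not match the certificates the servers present.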
