[sudo-users] 1.7.0rc1 interesting tests

Patrick Spinler spinler.patrick at mayo.edu
Thu Jun 12 21:51:40 EDT 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Todd C. Miller wrote:
| In message <485169B8.1080507 at mayo.edu>
| 	so spake Patrick Spinler (spinler.patrick):
|
|> (1) redhat 5.2 intel sudoedit failure
|>
|> Still having this issue.  Don't recall any suggestions to how to
|
| I'm not sure what the issue is here, since it works fine for me on
| RedHat 5.1.  You could try the following:
|
| env EDITOR="strace -o/tmp/trace.out /bin/vi" /usr/local/bin/sudoedit
/tmp/foo
|
| and send me the resulting /tmp/trace.out file.

/tmp/trace.out is not created.  The EDITOR never appears to be invoked.

However, I've attached output from "/usr/bin/sudo strace ./sudoedit
/tmp/foo"

|
|> (2) suse 9.4 ldap sudoers, ldap_start_tls_s connect error.  See error
above.
|
| At this point I'm going to lay blame with the suse openldap libs
| or an ldap.conf issue.  You should be able to use the same ldap.conf
| as in the working suse 10.  I suppose you could try using a single
| LDAP server instead of a list of servers and turning on LDAP debugging
| (something like "debug 9" in ldap.conf).
|

Ah ha !  That helped.  It was a setting in ldap.conf, specifically, I
had a certificate error.  Works now.  Thanks for putting up with my
stupidities.  :-)

It's interesting that "normal" ldap functions (e.g. pam_ldap, nssldap)
continued to work in the face of that, yet sudo choked.


That means my little testing grid looks like this:

			Tests
OS		Arch	sudoedit 	ldap sudoers
- ----------	-----	--------	------------
redhat 4.6 	intel	ok		ok
redhat 5.2 	intel	fail	 	ok
suse 10.1 	s390x	ok		ok
suse 9.4 	s390x	ok		ok
solaris 10	sparc	ok		fail


And the solaris failure is in my court to mess around with ldap.conf
settings.

I'm also off to try this on AIX 5.3 tonight.

Thanks again, Todd.  I appreciate your patience with me.

- -- Pat
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIUdKrNObCqA8uBswRAv9xAJ4sbz+G3jw+Cr0IDrIYDcJ5+bojbQCeJ2PJ
8/BFBBz1pZFUrpf+W1NPa3s=
=siVR
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sudoedit_trace.out
Type: application/octet-stream
Size: 44440 bytes
Desc: not available
URL: </pipermail/sudo-users/attachments/20080612/860b631a/attachment.obj>

More information about the sudo-users mailing list