[sudo-users] help regarding sudo + TLS

Todd C. Miller Todd.Miller at courtesan.com
Fri May 1 12:41:26 EDT 2009

In message <662701800905010819p171c506bofb93fbc5cef9cdca at mail.gmail.com>
	so spake Jerome Macaranas (jerome.m):

>    im currently testing ldap + tls + sudo and Im stuck at this error.
>    though im able to make sudo work via ldap:/// (w/o) tls.

ldaps (port 636) uses a different port than ldap (port 389).  Is
your server listening on port 636?  You may want to set

    ssl     start_tls

in /etc/ldap.conf to start TLS over a normal (port 389) connection.

Also, you may need to use:

    tls_checkpeer no  # ignore server SSL certificate

if the server's cert cannot be validated.

 - todd

More information about the sudo-users mailing list