[sudo-users] Sudo LDAP+TLS in 1.7.2
Tony G.
tonysk8 at gmail.com
Tue Sep 21 10:58:40 EDT 2010
Thanks for your reply, Todd.
That's what I thought too, since .ldaprc is ignored in this version,
but when I add them in both locations I get the same results:
[test at test ~]$ sudo su -
LDAP Config Summary
===================
uri ldap://ldaptls.example.com
ldap_version 3
sudoers_base ou=SUDOers,dc=example,dc=com
binddn cn=binduser,dc=example,dc=com
bindpw mypassword
bind_timelimit 5000
timelimit 15
ssl start_tls
tls_checkpeer (yes)
tls_cacertdir /etc/openldap/cacerts
tls_certfile /etc/openldap/cacerts/cert.pem
tls_keyfile /etc/openldap/cacerts/key.pem
===================
sudo: ldap_initialize(ld,ldap://ldaptls.example.com)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertdir -> /etc/openldap/cacerts
sudo: ldap_set_option: tls_cert -> /etc/openldap/cacerts/cert.pem
sudo: ldap_set_option: tls_key -> /etc/openldap/cacerts/key.pem
sudo: ldap_set_option: timelimit -> 15
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_start_tls_s(): Connect error
[sudo] password for test:
Not sure if this is an issue with my config or a real bug.
Thanks.
On Tue, Sep 21, 2010 at 8:24 AM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:
> Sounds like you need to add:
>
> tls_cert /etc/openldap/cacerts/cert.pem
> tls_key /etc/openldap/cacerts/key.pem
>
> to /etc/ldap.conf.
>
> - todd
>
--
Tony
http://blog.tonyskapunk.net
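An added example for the failure above, not code from the thread or from the sudo project. The "Connect error" from ldap_start_tls_s() is what an OpenSSL-linked libldap reports when the TLS handshake itself fails, and the three local causes worth ruling out before blaming sudo are: tls_cacertdir holding a CA file without the hash-named link that OpenSSL looks up (c_rehash), a tls_cert that does not belong to tls_key, and the tls_cert/tls_key lines missing from /etc/ldap.conf. The script below checks each of those offline with the openssl CLI and then gives the online probe (openssl s_client -starttls ldap, or ldapsearch -ZZ with the LDAPTLS_* variables from ldap.conf(5)) that exercises the same StartTLS handshake outside sudo. It assumes an OpenSSL-based libldap (a GnuTLS build does not use the hashed directory) and an OpenSSL new enough to know the ldap STARTTLS protocol in s_client; the host, paths and file names are placeholders taken from the config summary, not real values.

```shell
#!/bin/sh
# Added example (not from the thread): offline sanity checks for the
# client-side TLS material sudo's LDAP code hands to libldap, plus the
# online StartTLS probe to run afterwards. Assumes OpenSSL-linked libldap.

# check_cacertdir DIR
# OpenSSL resolves CAs in a tls_cacertdir by subject-hash file name
# (<hash>.0), so a PEM copied into the directory without c_rehash is
# silently ignored and peer checking fails.  Returns 0 when at least one
# certificate in DIR has its hash-named entry.
check_cacertdir() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        h=$(openssl x509 -in "$f" -noout -hash 2>/dev/null) || continue
        [ -e "$dir/$h.0" ] && return 0
    done
    return 1
}

# check_keypair CERT KEY
# tls_cert and tls_key must belong together: compare the public key
# embedded in the certificate with the one derived from the private key.
check_keypair() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$c" = "$k" ]
}

# check_ldap_conf FILE
# Both of the lines from Todd's reply have to be present (keys are
# matched case-insensitively, as sudo's ldap.conf parser does).
check_ldap_conf() {
    grep -Eiq '^[[:space:]]*tls_cert[[:space:]]' "$1" &&
    grep -Eiq '^[[:space:]]*tls_key[[:space:]]' "$1"
}

# starttls_probe HOST CADIR CERT KEY
# Online check, needs the server: performs the same StartTLS handshake
# libldap does, with the verify chain printed, then repeats it through
# libldap itself via ldapsearch -ZZ (fail unless TLS is established).
# Placeholder arguments; nothing here is run by the offline checks.
starttls_probe() {
    openssl s_client -connect "$1:389" -starttls ldap \
        -CApath "$2" -cert "$3" -key "$4" </dev/null
    LDAPTLS_CACERTDIR=$2 LDAPTLS_CERT=$3 LDAPTLS_KEY=$4 \
        ldapsearch -ZZ -x -H "ldap://$1" -b '' -s base 1.1
}

# Usage with the paths from the config summary (placeholders):
#   check_cacertdir /etc/openldap/cacerts || echo "run c_rehash /etc/openldap/cacerts"
#   check_keypair /etc/openldap/cacerts/cert.pem /etc/openldap/cacerts/key.pem || echo "cert/key mismatch"
#   check_ldap_conf /etc/ldap.conf || echo "tls_cert/tls_key missing"
#   starttls_probe ldaptls.example.com /etc/openldap/cacerts \
#       /etc/openldap/cacerts/cert.pem /etc/openldap/cacerts/key.pem
```

If the offline checks pass but starttls_probe still fails, the problem is on the wire or the server side (certificate not issued by anything in the CA directory, wrong CN for tls_checkpeer, or the server not offering StartTLS on 389), which sudo reports with the same generic "Connect error".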