[sudo-users] AIX 6.1 sudo with AIX LDAP Client with SSL

Wong Ren Ren.Wong at comverse.com
Fri Oct 21 14:24:19 EDT 2011


I have an issue with running sudo with the AIX LDAP client over SSL on AIX 6.1. Your help is appreciated.

Before turning on the SSL, the sudo is running fine with the OpenLDAP server on a Linux host.

When I turn on the SSL, the SSL is working OK with ldapsearch but not for sudo such as sudo -l.
Below is an example:
sudo -l
LDAP Config Summary
uri              ldaps://host.exmaple.com
ldap_version     3
sudoers_base     ou=SUDOers,dc=example,dc=com
binddn           (anonymous)
bindpw           (anonymous)
timelimit        120
ssl              yes
sudo: ldap_init(host.example.com:636, 389)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 120
sudo: ldap_simple_bind_s(): Can't contact LDAP server
User root may run the following commands on this host:
    (ALL) ALL
    (ALL) ALL

I assume that with or without SSL, sudo uses the AIX LDAP client. Are the tls_* parameters in /etc/ldap.conf used at all?

Below is my /etc/ldap.conf file:

base dc=comverse-in,dc=com
uri ldaps://host.example.com
timelimit 120
bind_timelimit 120
idle_timelimit 3600
pam_password md5
sudoers_base ou=SUDOers,dc=example,dc=com
sudoers_debug 255
ldap_version 3
ssl start_tls
ssl yes
tls_checker no
tls_cacertfile /etc/security/ldap/cacerts/cacert.pem
tls_cacertdir /etc/security/ldap/cacerts
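The configuration above mixes several directives that affect how sudo's LDAP backend negotiates TLS. The following shell function is an added example, not code from the post or from the sudo project: it reads an ldap.conf-style file and reports the settings that commonly produce "Can't contact LDAP server" on a TLS setup, namely more than one `ssl` directive, an `ssl` value that does not fit the `uri` scheme (`start_tls` is for `ldap://`, `yes` for `ldaps://`), a `tls_cacertfile` that cannot be read, and `tls_*` keys that sudoers.ldap(5) does not document. The file path and the sample contents used to exercise it are constructed for this demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): lint an /etc/ldap.conf as
# read by sudo's LDAP backend. Prints one finding per line; the exit status
# is the number of findings (0 means nothing was flagged).
lint_ldap_conf() {
    conf="$1"
    n=0

    # Normalise: drop comments and blank lines, trim, squeeze whitespace.
    norm=$(sed -e 's/#.*//' -e '/^[[:space:]]*$/d' \
               -e 's/^[[:space:]]*//' -e 's/[[:space:]]\{1,\}/ /g' "$conf")

    ssl_count=$(printf '%s\n' "$norm" | awk 'tolower($1)=="ssl"{c++} END{print c+0}')
    ssl_val=$(printf '%s\n' "$norm" | awk 'tolower($1)=="ssl"{v=tolower($2)} END{print v}')
    uri=$(printf '%s\n' "$norm" | awk 'tolower($1)=="uri"{u=$2} END{print u}')
    cafile=$(printf '%s\n' "$norm" | awk 'tolower($1)=="tls_cacertfile"{f=$2} END{print f}')

    # Two or more "ssl" lines: it is ambiguous which mode applies.
    if [ "$ssl_count" -gt 1 ]; then
        echo "conflicting: $ssl_count 'ssl' directives (last seen: ssl $ssl_val)"
        n=$((n+1))
    fi

    # The ssl mode must match the URI scheme.
    case "$uri" in
        ldaps://*)
            if [ "$ssl_val" = "start_tls" ]; then
                echo "mismatch: ldaps:// uri with 'ssl start_tls' (start_tls expects ldap://)"
                n=$((n+1))
            fi ;;
        ldap://*)
            case "$ssl_val" in
                yes|on|true)
                    echo "mismatch: ldap:// uri with 'ssl $ssl_val' (ldaps:// expected)"
                    n=$((n+1)) ;;
            esac ;;
        "")
            echo "missing: no 'uri' directive"
            n=$((n+1)) ;;
    esac

    # A CA file that the client cannot open makes every TLS handshake fail.
    if [ -n "$cafile" ] && [ ! -r "$cafile" ]; then
        echo "unreadable: tls_cacertfile $cafile"
        n=$((n+1))
    fi

    # Any tls_* key outside the documented set is most likely a typo.
    for key in $(printf '%s\n' "$norm" | awk '{k=tolower($1)} k ~ /^tls_/ {print k}'); do
        case "$key" in
            tls_cacertfile|tls_cacert|tls_cacertdir|tls_cert|tls_key|tls_checkpeer|tls_cipher_suite|tls_randfile) ;;
            *) echo "unknown: tls directive '$key' is not documented in sudoers.ldap(5)"
               n=$((n+1)) ;;
        esac
    done
    return $n
}

# Usage: lint_ldap_conf /etc/ldap.conf
```

Run it against the live file before enabling `sudoers_debug`; the findings it prints are the first things to reconcile with the `LDAP Config Summary` that `sudo -l` emits.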

