[sudo-users] groups don't work when using sasl

Han Boetes hboetes at gmail.com
Thu Dec 20 03:19:43 EST 2012


This is on a CentOS 6 test machine; I already made an RPM for the most
recent version to get rid of some bugs. Ignore the errors at the end; I
switched to FreeIPA, so this machine isn't working properly anymore.

I can't reproduce this bug with the IPA setup since it uses a completely
different way to configure sudo in LDAP.

[root at auth ~]# sudo -V
Sudo version 1.8.6p3
Configure options: --build=x86_64-unknown-linux-gnu
--host=x86_64-unknown-linux-gnu --target=x86_64-redhat-linux-gnu
--program-prefix= --prefix=/usr --exec-prefix=/usr --bindir=/usr/bin
--sbindir=/usr/sbin --sysconfdir=/etc --datadir=/usr/share
--includedir=/usr/include --libdir=/usr/lib64 --libexecdir=/usr/libexec
--localstatedir=/var --sharedstatedir=/var/lib --mandir=/usr/share/man
--infodir=/usr/share/info --prefix=/usr --sbindir=/usr/sbin
--libdir=/usr/lib64 --docdir=/usr/share/doc/sudo-1.8.6p3
--with-logging=syslog --with-logfac=authpriv --with-pam --with-pam-login
--with-editor=/bin/vi --with-env-editor --with-ignore-dot
--with-tty-tickets --with-ldap --with-ldap-conf-file=/etc/sudo-ldap.conf
--with-selinux --with-passprompt=[sudo] password for %p:  --with-linux-audit
sudo: ldap_sasl_interactive_bind_s(): Local error
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin



On Tue, Dec 18, 2012 at 6:37 PM, Todd C. Miller
<Todd.Miller at courtesan.com> wrote:

> On Mon, 17 Dec 2012 11:10:59 +0100, Han Boetes wrote:
>
> > I just enabled SASL enforcement for access to the LDAP tree. Before I had
> > it enabled, using a group worked fine; after that, using a group does not.
> > Creating a recipe for a still works fine though. What am I missing?
>
> That's really odd.  The query looks OK and you are able to get the
> global defaults.  What version of sudo are you running?
>
>  - todd
>



-- 



# Han

