[sudo-users] LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()

Todd C. Miller Todd.Miller at courtesan.com
Thu Jul 26 09:38:34 EDT 2012


The Solaris LDAP libraries do not support the start_tls extension.
You can use LDAP over SSL (e.g. "ssl on" in ldap.conf) but not
start_tls.

Alternately, you could link sudo against the OpenLDAP libraries
instead of the Solaris LDAP libraries.

What's particularly annoying is that there *is* actually some
start_tls support in Solaris LDAP, but it is not exported for client
programs to use so there's no way for sudo to use it.

 - todd


