[sudo-users] LDAP libs do not support ldap_start_tls_s() or ldap_start_tls_s_np()
Todd C. Miller
Todd.Miller at courtesan.com
Thu Jul 26 09:38:34 EDT 2012
The Solaris LDAP libraries do not support the start_tls extension.
You can use LDAP over SSL (e.g. "ssl on" in ldap.conf) but not

Alternately, you could link sudo against the OpenLDAP libraries
instead of the Solaris LDAP libraries.

What's particularly annoying is that there *is* actually some
start_tls support in Solaris LDAP, but it is not exported for client
programs to use so there's no way for sudo to use it.