[sudo-users] LDAPS + sudo + AIX 7.1

ace man kevev at hotmail.com
Tue Aug 20 07:44:47 MDT 2013


OK. I have imported the cacert and both ldap server certs to my kdb on the AIX client.

Here is my /etc/ldap.conf:

base dc=ldap,dc=local
TLS_KEY /ssl_client/serverauth_client.kdb
TLS_KEYPW '######'
uri ldaps://server1.local ldaps://server2.local
sudoers_base ou=SUDOers,dc=ldap,dc=local
bind_timelimit 5
timelimit 5
sudoers_debug 7


`sudo -l`

sudo: ldap_ssl_client_init(): Unknown error

> From: Todd.Miller at courtesan.com
> To: kevev at hotmail.com
> CC: sudo-users at sudo.ws
> Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> Date: Mon, 19 Aug 2013 12:25:47 -0600
> 
> On Mon, 19 Aug 2013 12:40:48 -0500, ace man wrote:
> 
> > I have tls_checkpeer no in /etc/ldap.conf.
> 
> That setting has no effect with the Tivoli LDAP libs.  You'll need
> to set TLS_KEY to a key database (e.g. /usr/ldap/ldapkey.kdb) with
> the server's cert.
> 
> You may find this link helpful:
> http://www.ibm.com/developerworks/aix/library/au-sslconfig/
> 
>  - todd


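As an added example (not code from the thread or from the sudo project), the following script lints a sudo-style /etc/ldap.conf for the two points raised in this exchange: with ldaps:// URIs on AIX, TLS_KEY must name a key database that actually exists and holds the server/CA certs, and tls_checkpeer is ignored by the IBM Tivoli LDAP libraries. The sample config is constructed from the one posted above (with the tls_checkpeer line from the earlier message added back); the finding codes are this example's own naming, and keywords are treated case-insensitively, as sudo does when reading ldap.conf. The filesystem check is injectable so the script can run offline.

```python
"""Lint a sudo /etc/ldap.conf for the AIX + LDAPS pitfalls discussed above."""
import os
import sys

# Constructed sample input: the ldap.conf from the post, plus the
# "tls_checkpeer no" line the earlier message in the thread mentioned.
SAMPLE_LDAP_CONF = """\
base dc=ldap,dc=local
TLS_KEY /ssl_client/serverauth_client.kdb
TLS_KEYPW '######'
tls_checkpeer no
uri ldaps://server1.local ldaps://server2.local
sudoers_base ou=SUDOers,dc=ldap,dc=local
bind_timelimit 5
timelimit 5
sudoers_debug 7
"""


def parse_ldap_conf(text):
    """Map each keyword (lower-cased) to its value string.

    Blank lines and '#' comments are skipped.  Keywords are folded to
    lower case because sudo matches ldap.conf keywords case-insensitively.
    """
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf


def check_ldap_conf(conf, path_exists=os.path.exists):
    """Return a list of (code, message) findings; codes are this example's own.

    path_exists is injectable so the check can run offline against a
    sample config; it defaults to a real filesystem lookup.
    """
    findings = []
    uris = conf.get("uri", "").split()
    if not uris:
        findings.append(("NO_URI", "no 'uri' directive: sudo has no LDAP server to contact"))
    if "sudoers_base" not in conf:
        findings.append(("NO_SUDOERS_BASE", "no 'sudoers_base': sudo will not find sudoRole entries"))
    uses_ldaps = any(u.lower().startswith("ldaps://") for u in uris)
    if uses_ldaps:
        kdb = conf.get("tls_key")
        if not kdb:
            findings.append(("NO_TLS_KEY", "ldaps:// in use but TLS_KEY is unset; with the IBM Tivoli "
                                           "LDAP libs the key database must hold the server/CA certs"))
        elif not path_exists(kdb):
            findings.append(("TLS_KEY_MISSING", "TLS_KEY %s does not exist on this host" % kdb))
    if "tls_checkpeer" in conf:
        findings.append(("TLS_CHECKPEER_IGNORED", "tls_checkpeer has no effect with the Tivoli LDAP libs "
                                                  "on AIX; peer verification depends on the certs in the "
                                                  "TLS_KEY database"))
    for key in ("bind_timelimit", "timelimit"):
        if key in conf and not conf[key].isdigit():
            findings.append(("BAD_INT", "%s must be an integer, got %r" % (key, conf[key])))
    return findings


def lint_text(text, path_exists=os.path.exists):
    """Parse and check a whole ldap.conf body in one call."""
    return check_ldap_conf(parse_ldap_conf(text), path_exists)


if __name__ == "__main__":
    # Usage: python lint_ldap_conf.py [/etc/ldap.conf]; with no argument the
    # constructed sample is linted as if the key database were absent.
    target = sys.argv[1] if len(sys.argv) > 1 else None
    if target:
        with open(target) as fh:
            text = fh.read()
        exists = os.path.exists
    else:
        text, exists = SAMPLE_LDAP_CONF, lambda p: False
    for code, msg in lint_text(text, exists):
        print("%-22s %s" % (code, msg))
```

Run against the real /etc/ldap.conf on the AIX client, a TLS_KEY_MISSING finding means the path in the config does not match where the .kdb was created (the IBM developerWorks article linked in the reply covers building that key database); a TLS_CHECKPEER_IGNORED finding is a reminder that the only peer verification in effect comes from what was imported into that .kdb.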