[sudo-users] LDAPS + sudo + AIX 7.1
ace man
kevev at hotmail.com
Tue Aug 20 14:38:12 MDT 2013
I patched manually and double checked my work but receive this error while building:
./ldap.c: In function 'sudo_ldap_init':
./ldap.c:610: error: expected ')' before 'ldap_err2string'
./ldap.c:610: error: expected ')' before 'ldap_err2string'
./ldap.c: In function 'sudo_ldap_open':
./ldap.c:2356: error: expected ')' before 'ldap_err2string'
./ldap.c:2356: error: expected ')' before 'ldap_err2string'
> From: kevev at hotmail.com
> To: todd.miller at courtesan.com
> Date: Tue, 20 Aug 2013 15:07:41 -0500
> CC: sudo-users at sudo.ws
> Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
>
> Sorry Todd. I am not very skilled at merging code.
>
> patch -i ldap.c.patch
> patch: 3016-037 Malformed patch at line 4: } else
>
> I guess I can make the changes manually.
>
> > From: Todd.Miller at courtesan.com
> > To: kevev at hotmail.com
> > CC: sudo-users at sudo.ws
> > Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> > Date: Tue, 20 Aug 2013 10:37:57 -0600
> >
> > I don't have an AIX machine with the IBM ldap libs to test on but
> > I have verified that sudo works on Solaris with IBM ldap 6.3 libs.
> > The LDAP server I'm running is OpenLDAP.
> >
> > Looking at your ldap.conf file, I think you may need to remove the
> > quotes from the TLS_KEYPW parameter.
> >
> > You also might try using start_tls instead of an ldaps connection.
> > E.g.
> >
> > uri ldap://server1.local ldap://server2.local
> > ssl start_tls
> >
> > Below is a patch that gives a better error message from
> > ldap_ssl_client_init(). It may help track down the issue. You'll
> > need to look up the ssl reason code online.
> >
> > - todd
> >
> > diff -r 6c7cec552ea3 plugins/sudoers/ldap.c
> > --- a/plugins/sudoers/ldap.c Wed Jun 12 20:53:44 2013 -0400
> > +++ b/plugins/sudoers/ldap.c Tue Aug 20 10:20:48 2013 -0600
> > @@ -603,8 +603,12 @@
> > } else
> > #elif defined(HAVE_LDAP_SSL_INIT) && defined(HAVE_LDAP_SSL_CLIENT_INIT)
> > if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {
> > - if (ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw, 0, &rc) != LDAP_SUCCESS) {
> > - warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc));
> > + int sslrc;
> > + rc = ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw,
> > + 0, &sslrc);
> > + if (rc != LDAP_SUCCESS) {
> > + warningx("ldap_ssl_client_init(): %s (SSL reason code %d)",
> > + ldap_err2string(rc), sslrc);
> > debug_return_int(-1);
> > }
> > DPRINTF2("ldap_ssl_init(%s, %d, NULL)", host, port);
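Review bot: `int sslrc;` is never initialized, so if ldap_ssl_client_init() fails without writing the reason code the new warningx() prints an indeterminate value; declare it as `int sslrc = 0;`. Separately, as quoted here the unchanged context lines (`} else`, `#elif defined(HAVE_LDAP_SSL_INIT) ...`, `if (ldap_conf.ssl_mode == SUDO_LDAP_SSL) {`) have lost the single leading space that unified diff format requires, which is exactly why patch(1) stops with `Malformed patch at line 4: } else`; restore the leading space on every context line, or apply the patch from the un-quoted original, rather than merging by hand.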
> > @@ -2345,8 +2349,12 @@
> > }
> > DPRINTF1("ldap_start_tls_s() ok");
> > #elif defined(HAVE_LDAP_SSL_CLIENT_INIT) && defined(HAVE_LDAP_START_TLS_S_NP)
> > - if (ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw, 0, &rc) != LDAP_SUCCESS) {
> > - warningx("ldap_ssl_client_init(): %s", ldap_err2string(rc));
> > + int sslrc;
> > + rc = ldap_ssl_client_init(ldap_conf.tls_keyfile, ldap_conf.tls_keypw,
> > + 0, &sslrc);
> > + if (rc != LDAP_SUCCESS) {
> > + warningx("ldap_ssl_client_init(): %s (SSL reason code %d)",
> > + ldap_err2string(rc), sslrc);
> > debug_return_int(-1);
> > }
> > rc = ldap_start_tls_s_np(ld, NULL);
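Review bot: this hunk repeats the sudo_ldap_init() change line for line; a small static helper that wraps ldap_ssl_client_init() together with its warningx() would keep both call sites and their messages in sync. For anyone merging by hand, note that the new warningx() call is split across two lines and the trailing comma on `warningx("ldap_ssl_client_init(): %s (SSL reason code %d)",` must survive; dropping it is what produces `expected ')' before 'ldap_err2string'` at this call.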
>
> ____________________________________________________________
> sudo-users mailing list <sudo-users at sudo.ws>
> For list information, options, or to unsubscribe, visit:
> http://www.sudo.ws/mailman/listinfo/sudo-users
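The two configuration problems Todd points at (a quoted TLS_KEYPW, and ldaps:// URIs combined with start_tls) are easy to check for before rebuilding anything. The script below is an added example, not code from the sudo project or from anyone in this thread: a POSIX sh lint for a sudo ldap.conf that flags a quoted tls_keypw value, ldap:// mixed with ldaps:// URIs, ldaps:// URIs used together with "ssl start_tls", and a file that carries tls_keypw in cleartext while being readable by other users. The file names and the sample configurations in demo() are constructed for the example; the real file is wherever your sudo was built to look, /etc/ldap.conf by default.

```shell
#!/bin/sh
# Added example (not sudo project code): lint a sudo ldap.conf for the
# misconfigurations discussed in this thread. Sample files are constructed.

# lint_ldap_conf FILE
# Prints one finding per line; returns 1 if anything was found, else 0.
lint_ldap_conf() {
    file=$1
    nl='
'
    findings=$(awk '
        # Comments and blank lines carry no settings.
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        {
            # Keyword is case-insensitive; the rest of the line is the value.
            key = tolower($1)
            val = $0
            sub(/^[ \t]*[^ \t]+[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
        }
        # sudo uses the value verbatim, so quotes become part of the password.
        key == "tls_keypw" && (val ~ /^["'\'']/ || val ~ /["'\'']$/) {
            print "tls_keypw: value is quoted; sudo uses it verbatim, so drop the quotes"
        }
        key == "uri" {
            n = split(val, u, /[ \t]+/)
            for (i = 1; i <= n; i++) {
                if (tolower(u[i]) ~ /^ldaps:\/\//) ldaps++
                else if (tolower(u[i]) ~ /^ldap:\/\//) plain++
            }
        }
        key == "ssl" { ssl = tolower(val) }
        END {
            if (ldaps && plain)
                print "uri: ldap:// and ldaps:// URIs are mixed; sudo rejects that combination"
            if (ldaps && ssl == "start_tls")
                print "ssl: start_tls upgrades a plain ldap:// session; use ldap:// URIs with start_tls, or ldaps:// URIs with \"ssl on\""
        }' "$file")

    # A cleartext key-database password must not be readable by other users:
    # the 8th character of the ls -l mode string is the "other" read bit.
    if grep -iq '^[[:space:]]*tls_keypw[[:space:]]' "$file"; then
        mode=$(ls -l "$file" | cut -c1-10)
        case $mode in
            ???????r*) findings="${findings:+$findings$nl}tls_keypw: $file is world-readable (mode $mode); chmod 600 it" ;;
        esac
    fi

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# demo: two constructed files, one with the problems from the thread and one
# written the way the reply above recommends.
demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/bad.conf" <<'EOF'
# constructed sample: ldaps URIs with start_tls and a quoted key password
uri ldaps://server1.local ldaps://server2.local
ssl start_tls
tls_key /etc/ldap/ldapkey.kdb
tls_keypw "hunter2"
sudoers_base ou=SUDOers,dc=example,dc=com
EOF
    cat > "$dir/good.conf" <<'EOF'
# constructed sample: start_tls over ldap://, unquoted key password
uri ldap://server1.local ldap://server2.local
ssl start_tls
tls_key /etc/ldap/ldapkey.kdb
tls_keypw hunter2
sudoers_base ou=SUDOers,dc=example,dc=com
EOF
    chmod 644 "$dir/bad.conf"
    chmod 600 "$dir/good.conf"
    for f in "$dir/bad.conf" "$dir/good.conf"; do
        echo "== $f"
        lint_ldap_conf "$f" && echo "clean"
    done
    rm -rf "$dir"
}

case ${1-} in --demo) demo ;; esac
```

Run it as `sh lint.sh --demo` to see the constructed bad file produce three findings and the good one come back clean; point lint_ldap_conf at the real ldap.conf on the AIX host to check the actual configuration. The awk program deliberately uses only POSIX features (`[ \t]` rather than character classes, no gensub) so it runs under the stock awk on AIX as well as on Linux.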