[sudo-users] LDAPS + sudo + AIX 7.1

ace man kevev at hotmail.com
Tue Oct 22 12:39:08 MDT 2013


Here is the full output when I am trying to get it to fail to the second server:

user at host user #: sudo su -
sudo: LDAP Config Summary
sudo: ===================
sudo: uri              ldap://ldapserver1.something.local/ ldap://ldapserver2.something.local/
sudo: ldap_version     3
sudo: sudoers_base     ou=SUDOers,dc=ldap,dc=local
sudo: binddn           (anonymous)
sudo: bindpw           (anonymous)
sudo: bind_timelimit   5
sudo: timelimit        5
sudo: ssl              start_tls
sudo: tls_checkpeer    (yes)
sudo: tls_keyfile      /ssl_client_sudoers/serverauth_client.kdb
sudo: ===================
sudo: ldap_init(ldapserver1.something.local ldapserver2.something.local, 389)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 5
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_start_tls_s_np(): Can't contact LDAP server
user is not in the sudoers file.  This incident will be reported.

> From: kevev at hotmail.com
> To: sudo-users at sudo.ws
> Date: Mon, 21 Oct 2013 16:02:52 -0500
> Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> 
> I am sorry if I am not allowed to revive an old thread. I noticed today that sudo is not detecting multiple URIs in /etc/ldap.conf .
> 
> I tried:
> 
> uri ldap://ldapserver1 ldap://ldapserver2
> 
> and
> 
> uri ldap://ldapserver1
> uri ldap://ldapserver2
> 
> With the first setup only the first server is used.
> 
> Relevant output:
>      sudo: uri        ldap://ldapserver1 ldap://ldapserver2
> 
>      sudo: ldap_init (ldapserver1 ldapserver2, 389)
> 
> With the second setup only the second server is used.
> 
>      sudo: uri       ldap://ldapserver1
>      sudo: uri       ldap://ldapserver2
> 
>      sudo: ldap_init (ldapserver2, 389)
> 
> According to the Sudoers man page I should be able to use either of these stanzas to have sudo attempt to connect to both ldap servers.
> 
> This is the same code setup from this thread if anyone wants history on my AIX setup. Any help would be appreciated.  :o)
> 
> > Date: Wed, 28 Aug 2013 10:55:20 -0400
> > From: syberghost at gmail.com
> > To: sudo-users at sudo.ws
> > Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> > 
> > On Wed, Aug 28, 2013 at 10:43 AM, Todd C. Miller
> > <Todd.Miller at courtesan.com>wrote:
> > 
> > > On Wed, 28 Aug 2013 08:03:54 -0500, ace man wrote:
> > >
> > > > I figured out my issue. It seems as though sudoers or AIX does not like
> > > > special characters in the TLS_KEYPW field.
> > > >
> > > > My password was like so #TssE!4v
> > >
> > > That is because '#' is the comment character so anything after the
> > > '#' was being ignored.
> > 
> > 
> > Not a good idea to use # in a password anyway, since on some platforms
> > that's the "erase" character when typing.
> > ____________________________________________________________
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
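A small pre-deployment check for the two failure modes in this thread (a uri directive that should expand to several hosts, and a secret clipped at '#'). This is an added example, not sudo's own parser: it assumes that '#' starts a comment anywhere on a line and that 'uri' may list several space-separated URIs and may repeat, as the thread describes; the config below is a constructed sample.

```python
"""Sanity checks for a sudo /etc/ldap.conf (added example, not sudo code).

Assumptions modelled from the thread above:
  * '#' starts a comment, so anything after it on a line is dropped
  * 'uri' may list several space-separated URIs and may appear more than once
"""
from urllib.parse import urlsplit

# Constructed sample config; the TLS_KEYPW value deliberately contains '#'.
SAMPLE_CONF = """\
# sudo LDAP client settings (constructed sample)
uri ldap://ldapserver1.something.local/ ldap://ldapserver2.something.local/
uri ldap://ldapserver3.something.local:636/
sudoers_base ou=SUDOers,dc=ldap,dc=local
ssl start_tls
tls_checkpeer yes
TLS_KEYPW secret#tail
"""


def parse_ldap_conf(text):
    """Return {keyword_lowercase: [value, ...]} with '#' comments removed."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # text after '#' is ignored
        if not line:
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ''
        conf.setdefault(parts[0].lower(), []).append(value)
    return conf


def ldap_hosts(conf):
    """Expand every 'uri' directive into (scheme, host, port) tuples."""
    hosts = []
    for value in conf.get('uri', []):
        for uri in value.split():
            u = urlsplit(uri)
            port = u.port or (636 if u.scheme == 'ldaps' else 389)
            hosts.append((u.scheme, u.hostname, port))
    return hosts


def clipped_secrets(text, keywords=('tls_keypw', 'bindpw')):
    """List (keyword, value_actually_kept) for secrets that contain '#'."""
    found = []
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() in keywords and '#' in parts[1]:
            found.append((parts[0], parts[1].split('#', 1)[0].strip()))
    return found
```

Run ldap_hosts() on your own file to see the host list sudo should be trying, and clipped_secrets() to catch a bind or key password that will silently be cut short.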