[sudo-users] LDAPS + sudo + AIX 7.1
ace man
kevev at hotmail.com
Tue Oct 22 12:39:08 MDT 2013
Here is the full output when I am trying to get it to fail over to the second server:
user at host user #: sudo su -
sudo: LDAP Config Summary
sudo: ===================
sudo: uri ldap://ldapserver1.something.local/ ldap://ldapserver2.something.local/
sudo: ldap_version 3
sudo: sudoers_base ou=SUDOers,dc=ldap,dc=local
sudo: binddn (anonymous)
sudo: bindpw (anonymous)
sudo: bind_timelimit 5
sudo: timelimit 5
sudo: ssl start_tls
sudo: tls_checkpeer (yes)
sudo: tls_keyfile /ssl_client_sudoers/serverauth_client.kdb
sudo: ===================
sudo: ldap_init(ldapserver1.something.local ldapserver2.something.local, 389)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 5
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 5)
sudo: ldap_start_tls_s_np(): Can't contact LDAP server
user is not in the sudoers file. This incident will be reported.
> From: kevev at hotmail.com
> To: sudo-users at sudo.ws
> Date: Mon, 21 Oct 2013 16:02:52 -0500
> Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
>
> I am sorry if I am not allowed to revive an old thread. I noticed today that sudo is not detecting multiple URIs in /etc/ldap.conf .
>
> I tried:
>
> uri ldap://ldapserver1 ldap://ldapserver2
>
> and
>
> uri ldap://ldapserver1
> uri ldap://ldapserver2
>
> With the first setup only the first server is used.
>
> Relevant output:
> sudo: uri ldap://ldapserver1 ldap://ldapserver2
>
> sudo: ldap_init (ldapserver1 ldapserver2, 389)
>
> With the second setup only the second server is used.
>
> sudo: uri ldap://ldapserver1
> sudo: uri ldap://ldapserver2
>
> sudo: ldap_init (ldapserver2, 389)
>
> According to the Sudoers man page I should be able to use either of these stanzas to have sudo attempt to connect to both ldap servers.
>
> This is the same code setup from this thread if anyone wants history on my AIX setup. Any help would be appreciated. :o)
>
> > Date: Wed, 28 Aug 2013 10:55:20 -0400
> > From: syberghost at gmail.com
> > To: sudo-users at sudo.ws
> > Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> >
> > On Wed, Aug 28, 2013 at 10:43 AM, Todd C. Miller
> > <Todd.Miller at courtesan.com>wrote:
> >
> > > On Wed, 28 Aug 2013 08:03:54 -0500, ace man wrote:
> > >
> > > > I figured out my issue. It seems as though sudoers or AIX does not like
> > > > special characters in the TLS_KEYPW field.
> > > >
> > > > My password was like so #TssE!4v
> > >
> > > That is because '#' is the comment character so anything after the
> > > '#' was being ignored.
> >
> >
> > Not a good idea to use # in a password anyway, since on some platforms
> > that's the "erase" character when typing.
> > ____________________________________________________________
> > sudo-users mailing list <sudo-users at sudo.ws>
> > For list information, options, or to unsubscribe, visit:
> > http://www.sudo.ws/mailman/listinfo/sudo-users
>
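The check a practitioner would run at this point, as an added example that is not part of the thread and not sudo's own code: a small Python script that reads the uri/TLS directives out of an ldap.conf (applying the rule Todd Miller states above, that '#' starts a comment, so "#TssE!4v" parses to an empty value), then contacts each listed server on its own, sends an LDAP StartTLS ExtendedRequest and completes the TLS handshake with peer verification. That separates "ldapserver1 is down or refuses StartTLS" from "the client never tried ldapserver2". The config parser is a deliberate simplification (assumed rules, not sudo's parser), the sample config is constructed from the hostnames the thread uses, and the command-line path and CA file argument are assumptions.

```python
"""Added example: probe the LDAP servers named in an ldap.conf for StartTLS.
Not sudo's code; the config rules below are assumptions, not sudo's parser."""
import socket
import ssl
from urllib.parse import urlsplit

STARTTLS_OID = "1.3.6.1.4.1.1466.20037"  # StartTLS extended operation (RFC 4511, 4.14)

# Constructed sample mirroring the thread's setup; not the poster's real file.
SAMPLE_CONF = """\
uri ldap://ldapserver1.something.local/ ldap://ldapserver2.something.local/
sudoers_base ou=SUDOers,dc=ldap,dc=local
ssl start_tls
tls_checkpeer yes
TLS_KEYPW #TssE!4v
"""


def parse_ldap_conf(text):
    """Return {lower-cased key: [values in file order]}.
    Assumed rules: '#' starts a comment anywhere on a line, keys are
    case-insensitive, one 'uri' line may hold several whitespace-separated
    URIs, and repeated keys are all kept so the caller can see them."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # 'TLS_KEYPW #TssE!4v' -> empty value
        if not line:
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(key, []).extend(value.split() if key == "uri" else [value])
    return conf


def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _ber_len(len(body)) + body


def build_starttls_request(message_id=1):
    """LDAPMessage { messageID, ExtendedRequest { requestName = StartTLS OID } }."""
    if not 1 <= message_id <= 127:
        raise ValueError("message_id must fit in one positive BER byte")
    name = _tlv(0x80, STARTTLS_OID.encode())  # requestName [0] LDAPOID
    ext_req = _tlv(0x77, name)                 # [APPLICATION 23] ExtendedRequest
    msg_id = _tlv(0x02, bytes([message_id]))   # INTEGER messageID
    return _tlv(0x30, msg_id + ext_req)        # SEQUENCE LDAPMessage


def _read_tlv(buf, pos):
    """Decode one BER TLV at buf[pos]; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_extended_response(data):
    """Return (message_id, result_code, diagnostic_message) from an ExtendedResponse."""
    tag, msg, _ = _read_tlv(data, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = _read_tlv(msg, 0)           # INTEGER messageID
    tag, op, _ = _read_tlv(msg, pos)
    if tag != 0x78:                           # [APPLICATION 24] ExtendedResponse
        raise ValueError("protocolOp is not an ExtendedResponse")
    _, code, pos = _read_tlv(op, 0)           # ENUMERATED resultCode
    _, _matched_dn, pos = _read_tlv(op, pos)  # LDAPDN matchedDN
    _, diag, _ = _read_tlv(op, pos)           # LDAPString diagnosticMessage
    return (int.from_bytes(mid, "big"), int.from_bytes(code, "big"),
            diag.decode("utf-8", "replace"))


def check_starttls(uri, cafile=None, timeout=5):
    """Connect to one ldap:// URI, request StartTLS and finish the handshake.
    Returns (result_code, diagnostic, peer_subject); peer_subject is None when
    the server refused StartTLS. Socket and TLS errors propagate to the caller."""
    parts = urlsplit(uri)
    host, port = parts.hostname, parts.port or 389
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname check (tls_checkpeer)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_starttls_request())
        _, code, diag = parse_extended_response(sock.recv(4096))  # reply is tiny; one read
        if code != 0:
            return code, diag, None
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return code, diag, tls.getpeercert().get("subject")


def check_all(conf_text, cafile=None):
    """Probe every URI the config lists; map uri -> result tuple or exception."""
    results = {}
    for uri in parse_ldap_conf(conf_text).get("uri", []):
        try:
            results[uri] = check_starttls(uri, cafile)
        except (OSError, ValueError) as exc:  # ssl.SSLError is an OSError subclass
            results[uri] = exc
    return results


if __name__ == "__main__":
    import sys
    # Assumed invocation: python ldapcheck.py /etc/ldap.conf [/path/to/ca.pem]
    with open(sys.argv[1]) as fh:
        for uri, result in check_all(fh.read(), *sys.argv[2:3]).items():
            print(uri, "->", result)
```

Run it against the real /etc/ldap.conf and compare with the "uri" lines sudo prints in its LDAP Config Summary: a URI that this script reaches and upgrades to TLS but that sudo never calls ldap_init() for points at client-side URI handling rather than at the server.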