[sudo-users] LDAPS + sudo + AIX 7.1
ace man
kevev at hotmail.com
Wed Oct 23 06:06:20 MDT 2013
Thank you for the reply. I am only seeing one being parsed with both hostnames in the one uri line. The first hostname is used always. If I disabled the first LDAP server, sudo never tries the second one.
> From: Todd.Miller at courtesan.com
> To: kevev at hotmail.com
> CC: sudo-users at sudo.ws
> Subject: Re: [sudo-users] LDAPS + sudo + AIX 7.1
> Date: Tue, 22 Oct 2013 16:50:34 -0600
>
> On Mon, 21 Oct 2013 16:02:52 -0500, ace man wrote:
>
> > I am sorry if I am not allowed to revive an old thread. I noticed today that
> > sudo is not detecting multiple URIs in /etc/ldap.conf .
> >
> > I tried:
> >
> > uri ldap://ldapserver1 ldap://ldapserver2
>
> That should work OK. From the debug output I can see that ldap_init()
> is being called with both host names. The IBM LDAP docs state that
> multiple hosts are supported so sudo appears to be doing the right
> thing there. Are you not seeing failover to the second server?
>
> > and
> >
> > uri ldap://ldapserver1
> > uri ldap://ldapserver2
>
> This should work too but there is a bug in the uri parser that
> causes only the last one to be added. That bug will be fixed in
> sudo 1.8.9.
>
> - todd
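
An added example, not part of the original thread and not sudo's own code: a small check that reads an ldap.conf and reports which servers a parser that keeps only the last `uri` line (the behaviour described above for versions before 1.8.9) would drop, then prints the equivalent single-line form. The sample file contents, the function names, and the case-insensitive match on the `uri` keyword are assumptions made for illustration.

```python
# Constructed sample: the two-line form from the thread plus one other option.
SAMPLE = """\
# /etc/ldap.conf (constructed sample)
uri ldap://ldapserver1
uri ldap://ldapserver2
sudoers_base ou=SUDOers,dc=example,dc=com
"""

def uri_lines(conf_text):
    """Return one list of URIs per 'uri' directive, in file order."""
    found = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and comment lines
            continue
        parts = line.split()
        # Assumption: the keyword is matched case-insensitively.
        if parts[0].lower() == "uri" and len(parts) > 1:
            found.append(parts[1:])
    return found

def audit(conf_text):
    """Compare every configured URI with what a last-line-wins parser keeps."""
    groups = uri_lines(conf_text)
    configured = [u for group in groups for u in group]
    kept = groups[-1] if groups else []
    dropped = [u for u in configured if u not in kept]
    return {"configured": configured, "kept_last_line": kept, "dropped": dropped}

def single_line_form(conf_text):
    """Build the one-line 'uri' directive listing every configured server."""
    uris = audit(conf_text)["configured"]
    return "uri " + " ".join(uris) if uris else ""

if __name__ == "__main__":
    report = audit(SAMPLE)
    for uri in report["dropped"]:
        print("dropped by a last-line-wins parser:", uri)
    print("single-line form:", single_line_form(SAMPLE))
```
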