[sudo-users] compile sudo-1.8.9p4 on AIX7 with LDAP support

ralph.meier at merckgroup.com ralph.meier at merckgroup.com
Mon Jan 27 04:13:46 MST 2014 

Thank you very much. The patch worked for me and sudo runs fine.
But it only works without ssl. Switching to ssl results in this error:

sudo: ldap_sasl_bind_s(): Can't contact LDAP server
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin

The sudo section in /etc/security/ldap/ldap.cfg looks like this:

URI ldaps://ldap01.sample.de ldaps://ldap02.sample.de
binddn cn=anonymous,dc=sample,dc=com
sudoers_base ou=sudoers,dc=sample,dc=com
ssl on
TLS_CHECKPEER   no 

- Ralph




From:   "Todd C. Miller" <Todd.Miller at courtesan.com>
To:     ralph.meier at merckgroup.com, 
Cc:     sudo-users at sudo.ws
Date:   24.01.2014 17:42
Subject:        Re: [sudo-users] compile sudo-1.8.9p4 on AIX7 with LDAP 
support



Can you try the following patch?  You can make the changes by hand
if the patch doesn't apply for you (just remove those two extra 's').

 - todd

diff -r af887ad59425 plugins/sudoers/sudo_nss.c
--- a/plugins/sudoers/sudo_nss.c                 Wed Jan 15 06:03:05 2014 
-0700
+++ b/plugins/sudoers/sudo_nss.c                 Fri Jan 24 09:41:26 2014 
-0700
@@ -137,7 +137,7 @@
 {
     FILE *fp;
     char *cp, *ep, *line = NULL;
-    ssize_t linesize = 0;
+    size_t linesize = 0;
 #ifdef HAVE_SSSD
     bool saw_sss = false;
 #endif
@@ -212,7 +212,7 @@
 nomatch:
     /* Default to files only if no matches */
     if (TAILQ_EMPTY(&snl))
-                TAILQ_INSERT_TAIL(&snl, &sudo_nss_files, entries);
+                TAILQ_INSERT_TAIL(&snl, &sudo_nss_file, entries);
 
     debug_return_ptr(&snl);
 }




This message and any attachment are confidential and may be privileged or otherwise protected from disclosure. If you are not the intended recipient, you must not copy this message or attachment or disclose the contents to any other person. If you have received this transmission in error, please notify the sender immediately and delete the message and any attachment from your system. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not accept liability for any omissions or errors in this message which may arise as a result of E-Mail-transmission or for damages resulting from any unauthorized changes of the content of this message and any attachment thereto. Merck KGaA, Darmstadt, Germany and any of its subsidiaries do not guarantee that this message is free of viruses and does not accept liability for any damages caused by any virus transmitted therewith.

Click http://www.merckgroup.com/disclaimer to access the German, French, Spanish and Portuguese versions of this disclaimer.

More information about the sudo-users mailing list