[sudo-users] compile sudo-1.8.9p4 on AIX7 with LDAP support

Todd C. Miller Todd.Miller at courtesan.com
Mon Jan 27 09:19:58 MST 2014


On Mon, 27 Jan 2014 12:13:46 +0100, ralph.meier at merckgroup.com wrote:

> Thank you very much. The patch worked for me and sudo runs fine.
> But it only works without ssl. Switching to ssl results in this error:
> 
> sudo: ldap_sasl_bind_s(): Can't contact LDAP server
> sudo: no valid sudoers sources found, quitting
> sudo: unable to initialize policy plugin
> 
> The sudo section in /etc/security/ldap/ldap.cfg looks like this:
> 
> URI ldaps://ldap01.sample.de ldaps://ldap02.sample.de
> binddn cn=anonymous,dc=sample,dc=com
> sudoers_base ou=sudoers,dc=sample,dc=com
> ssl on
> TLS_CHECKPEER   no 

Sudo does not read /etc/security/ldap/ldap.cfg so you'll need to
create an /etc/ldap.conf file for it that contains those lines.
Unfortunately, the TLS_CHECKPEER setting is not supported using the
IBM ldap libraries so you will need to set TLS_KEY to a key database
that contains the certificate of the server.

In the sudoers.ldap manual, the parts that refer to the Tivoli LDAP
library also apply to IBM ldap (which is the same thing).
 
 - todd
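The /etc/ldap.conf that Todd's reply calls for, written out as an added example (it is not from the reply, and not a file shipped with sudo). It carries the quoted settings over unchanged and replaces the ignored TLS_CHECKPEER line with a TLS_KEY entry; the key database path is a placeholder to substitute with the local one, and that database must already hold the CA certificate that issued the two servers' certificates, since with the IBM libraries that is what server verification rests on. The key database password is supplied the way sudoers.ldap(5) for the installed version describes and is not shown here.

```conf
# /etc/ldap.conf - read by sudo's LDAP back end, not by the AIX LDAP client
# (which keeps using /etc/security/ldap/ldap.cfg)
URI          ldaps://ldap01.sample.de ldaps://ldap02.sample.de
binddn       cn=anonymous,dc=sample,dc=com
sudoers_base ou=sudoers,dc=sample,dc=com
ssl          on
# TLS_CHECKPEER is not honoured by the IBM LDAP libraries; leave it out.
# Server verification comes from the GSKit key database named below, so
# it must contain the CA certificate for ldap01/ldap02 (placeholder path).
TLS_KEY      /etc/security/ldap/sudo-ldap.kdb
```

Note that, unlike the "TLS_CHECKPEER no" in the quoted ldap.cfg, this arrangement does verify the server: a key database without the right CA certificate produces the same "Can't contact LDAP server" bind failure, which is the expected outcome rather than a reason to loosen the check. Once the file is in place, `sudo -l` run as a user who has entries under sudoers_base confirms that the ldaps bind and the sudoers lookup both succeed.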

