If you could include ldap debugging information for the version that is not working that might provide some hints. Something like: Debug sudoers.so /var/adm/sudoers_debug ldap at debug in sudo.conf will do it. - todd