[sudo-workers] Re: [Bug 145] TLS_CACERT is not checked while connecting to LDAP server

Aaron Spangler as at insight.rr.com
Fri Aug 27 10:53:37 EDT 2004

Hi Timur,

Thanks for the submit.  I have addressed both of these last two issues.  
Currently the changes are only available in the CVS repository.

1) I'm not entirely sure why Debian separates out the config file since 
pam-ldap, nss-ldap, and sudo are designed to share the /etc/ldap.conf (like 
nsswitch.conf is shared), but you should be allowed to do it anyway.  So 
for those who want to separate it out, you can now relocate the 
ldap.conf directly from configure:

Old Way:

$ CFLAGS="-DLDAP_CONFIG=/etc/sudo-ldap.conf" ./configure <options>

New Way:

$ ./configure  <options> --with-ldap-conf-file=/etc/sudo-ldap.conf

2) A few of the ldap.conf undocumented options are now better documented 
in the README.LDAP file.

The main issue of Bug #145 is being addressed separately and will be 
tracked via bugzilla.

- Aaron

bugzilla-daemon at courtesan.com wrote:

>------- Additional Comments From timur at oktetlabs.ru  2004-08-27 07:34 -------
>Exactly, I meant support of "tls_checkpeer" and "tls_cacert{file,dir}" options.
>This feature is really needed.
>I would like to withdraw the two last issues about location of ldap.conf and
>"ssl" name. Debian has no /etc/ldap.conf, it uses pam_ldap.conf and
>libnss-ldap.conf, so I thought that /etc/ldap/ldap.conf should be the config
>file for sudo and mixed up the option names. I'm sorry for bothering you with that.
>------- You are receiving this mail because: -------
>You are the assignee for the bug, or are watching the assignee.
