[sudo-workers] Compiling sudo for AIX 5.3 with LDAP

Wong Ren Ren.Wong at comverse.com
Tue Sep 13 13:12:09 EDT 2011

Hi Todd,

Thanks for your response. The sudo version is 1.8.2.

It does not look like a linked file:

#ls -l /usr/local/libexec/sudoers.so
-rwxr-xr-x    1 root     system      1470984 Sep 13 17:32 /usr/local/libexec/sudoers.so


-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: Tuesday, September 13, 2011 1:08 PM
To: Wong Ren
Cc: sudo-workers at sudo.ws
Subject: Re: [sudo-workers] Compiling sudo for AIX 5.3 with LDAP

On Tue, 13 Sep 2011 09:18:42 PDT, Wong Ren wrote:

> When compiling sudo with LDAP on AIX 5.3, does the sudo expect IBM AIX LDAP i
> mplementation or OpenLDAP ?

Sudo expects the ldap library to be call libldap but does not require
a specific LDAP implementation.  People have used the Tivoli LDAP
with sudo before.  The configure script should probably check for
libibmldap as well if no libldap is found.

> I have the environment setup to IBM LDAP
> LDFLAGS=-L/usr/ldap/lib-L/usr/ldap/lib/aix5
> CPPFLAGS=-I/usr/ldap/include
> ./configure --with-ldap
> When the "make" is executed, it cannot find the libldap.a.  I had to link the
>  libibmldap.a to libldap.a in order for the make to be successful.

You could just edit plugins/sudoers/Makefile and change -lldap to
-libmldap instead.

> After "make package" and have the bff installed when running "sudo -l", I got
>  the following error:
> sudo: /usr/local/libexec/sudoers.so must be only be writable by owner
> sudo: fatal error, unable to load plugins
> After changing the permission to 755:
> #chmod 755 /usr/local/libexec/sudoers.so
> # sudo -l
> sudo: unable to dlopen /usr/local/libexec/sudoers.so: There are too many leve
> ls of symbolic links to translate a path name.
> sudo: fatal error, unable to load plugins

It sounds like /usr/local/libexec/sudoers.so is eiter a link to
itself or a link to another file that links back to sudoers.so.

Can you send the output of:

    ls -l /usr/local/libexec/sudoers.so

Also, which version of sudo are you trying to build?

 - todd

“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Technology or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security at comverse.com. Thank You.”

More information about the sudo-workers mailing list