[sudo-workers] Compiling sudo for AIX 5.3 with LDAP

Wong Ren Ren.Wong at comverse.com
Tue Sep 13 14:24:39 EDT 2011

Got a little bit further after compiling with "-libmldap" but getting the following when running "sudo -l"

        #/usr/local/bin/sudo -l
        sudo: no valid sudoers sources found, quitting
        sudo: unable to initialize policy plugin

BTW, there is no /etc/sudo.conf nor /etc/ldap.conf. (Since this is IBM LDAP,the file is /etc/security/ldap/ldap.cfg)
Is it necessary to have a /etc/ldap.conf?  Truss of the sudo shows the following:

open("/etc/ldap.conf", O_RDONLY|O_LARGEFILE)    Err#2  ENOENT
sudokwrite(2, " s u d o", 4)                    = 4
: kwrite(2, " :  ", 2)                          = 2
no validkwrite(2, " n o   v a l i d", 8)                = 8
 sudoerskwrite(2, "   s u d o e r s", 8)                = 8
 sourceskwrite(2, "   s o u r c e s", 8)                = 8
 found, kwrite(2, "   f o u n d ,  ", 8)                = 8
quittingkwrite(2, " q u i t t i n g", 8)                = 8

kwrite(2, "\n", 1)                              = 1
open("/usr/local/share/locale/en_US/LC_MESSAGES/sudo.mo", O_RDONLY) Err#2  ENOENT
open("/usr/local/share/locale/en/LC_MESSAGES/sudo.mo", O_RDONLY) Err#2  ENOENT
sudokwrite(2, " s u d o", 4)                    = 4
: kwrite(2, " :  ", 2)                          = 2
unable to initialize policy pluginkwrite(2, " u n a b l e   t o   i n".., 34)   = 34

-----Original Message-----
From: Todd C. Miller [mailto:Todd.Miller at courtesan.com]
Sent: Tuesday, September 13, 2011 1:23 PM
To: Wong Ren
Cc: sudo-workers at sudo.ws
Subject: Re: [sudo-workers] Compiling sudo for AIX 5.3 with LDAP

On Tue, 13 Sep 2011 10:12:09 PDT, Wong Ren wrote:

> It does not look like a linked file:
> #ls -l /usr/local/libexec/sudoers.so
> -rwxr-xr-x    1 root     system      1470984 Sep 13 17:32 /usr/local/libexec/
> sudoers.so

It may be that the error has to do with the ldap library symbolic
link.  Can you try removing the libldap.a link that you created and
change the -lldap in plugins/sudoers/Makefile to -libmldap instead?
You'll need to do a "make clean" and then re-make it after editing

 - todd

“This e-mail message may contain confidential, commercial or privileged information that constitutes proprietary information of Comverse Technology or its subsidiaries. If you are not the intended recipient of this message, you are hereby notified that any review, use or distribution of this information is absolutely prohibited and we request that you delete all copies and contact us by e-mailing to: security at comverse.com. Thank You.”

More information about the sudo-workers mailing list