On Mon, May 22, 2006 at 08:08:19AM +1000, Alexander Samad wrote:
> > > it fails and I get with debugging turned on

> > > LDAP Config Summary
> > > ===================
> > > uri ldaps://hufpuf.lan1.hme1.samad.com.au
> > > ldap_version 3
> > > sudoers_base ou=SUDOers,dc=samad,dc=com,dc=au
> > > binddn (anonymous)
> > > bindpw (anonymous)
> > > ssl (no)
> > > ===================
> > > ldap_initialize(ld,ldaps://hufpuf.lan1.hme1.samad.com.au)
> > > ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
> > > ldap_simple_bind_s()=81 : Can't contact LDAP server

> > Why do you say that this is a sudo-ldap bug? What tests have you done to
> > verify that this isn't a network/firewall bug or a libldap bug?

> I configure a working system to start with. The ldap server is on the
> same machine, there are no iptable entries. libnss-ldap and libpam-ldap
> work when I make the change from ldap://127.0.0.1 to
> ldaps://hufpuf.lan1.hme1.samad.com.au

> when I turn on logging from openldap I notice a connection being made
> and then I notice the connection is closed, no bind is attempted.

> I can't rule out a libldap bug, how can I test this?

Well, it sounds to me like we can rule out a libldap problem based on this.

What I do notice is that you have an ldaps uri in the debugging output, but
it claims "ssl" is not enabled. Is /etc/ldap/ldap.conf identical to
/etc/libnss-ldap.conf and /etc/libpam-ldap.conf?

Does negotiating an SSL connection with this server require access to SSL
certificates stored in files which may not be accessible to sudo prior to
assuming root perms?

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
[EMAIL PROTECTED]                                   http://www.debian.org/
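The two checks asked about in the reply above (do the LDAP client configs agree, and can the invoking user read the certificate files they name), as an added example that is not part of the original message. The function names, the sample hostname `ldap.example.test` and the sample file contents are constructed for illustration; pass the real config file paths as arguments to check an actual system.

```shell
#!/bin/sh
# Added example, not from the thread. Run it as the ordinary user who invokes
# sudo, so the readability check reflects access before root is assumed.

# Print a file's connection/TLS directives as sorted "key value" lines.
ldap_directives() {
    awk '/^[ \t]*#/ || /^[ \t]*$/ { next }
         { key = tolower($1) }
         key ~ /^(uri|ssl|tls_cacert|tls_cacertfile|tls_cacertdir|tls_cert|tls_key)$/ {
             $1 = key; print }' "$1" | sort
}

# Compare each later file with the first; print mismatches, return 1 if any.
compare_ldap_conf() {
    ref=$1; shift; rc=0
    ref_out=$(ldap_directives "$ref")
    for f in "$@"; do
        out=$(ldap_directives "$f")
        [ "$out" = "$ref_out" ] && continue
        printf 'MISMATCH\n--- %s\n%s\n--- %s\n%s\n' "$ref" "$ref_out" "$f" "$out"
        rc=1
    done
    return "$rc"
}

# Print each tls_* path named in a file that the current user cannot read.
unreadable_tls_files() {
    ldap_directives "$1" | awk '$1 ~ /^tls_/ { print $2 }' |
    while read -r p; do [ -r "$p" ] || echo "$p"; done
}

# Write constructed sample configs (not the poster's files) into directory $1.
# ca.pem is deliberately absent, so the readability check fires even for root.
make_samples() {
    printf 'uri ldaps://ldap.example.test\nssl on\ntls_cacertfile %s/ca.pem\n' "$1" > "$1/nss.conf"
    cp "$1/nss.conf" "$1/pam.conf"
    printf '# constructed\nURI ldap://127.0.0.1\n' > "$1/sudo.conf"
}

main() {
    d=""
    if [ "$#" -eq 0 ]; then   # no files given: fall back to the samples
        d=$(mktemp -d); make_samples "$d"
        set -- "$d/sudo.conf" "$d/nss.conf" "$d/pam.conf"
    fi
    compare_ldap_conf "$@" || echo "review the differences above"
    for f in "$@"; do unreadable_tls_files "$f" | sed 's/^/UNREADABLE /'; done
    [ -z "$d" ] || rm -rf "$d"
}
main "$@"
```

Directive names are compared after lower-casing only, so a file that uses OpenLDAP's `TLS_CACERT` spelling where another uses `tls_cacertfile` is reported as a difference to review by hand.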