> The actual problem is that sudo doesn't recognize
> the DEREF setting in ldap.conf. This will be fixed in sudo 1.8.3.

I backported sudo-ldap 1.8.3p1-2 for squeeze and tried it again. It still does not work. Some options are recognized, as you can see from the "sudoers_debug 2" output:

sudo: ldap_initialize(ld, ldap://xxxxxxxx/ ldap://yyyyyyy/)
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: tls_checkpeer -> 1
sudo: ldap_set_option: tls_cacertfile -> /etc/certs/XXXXX.crt
sudo: ldap_set_option: tls_cacert -> /etc/certs/XXXXX.crt
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 2)
sudo: ldap_start_tls_s() ok
sudo: ldap_sasl_bind_s() ok
sudo: Looking for cn=defaults: cn=defaults
sudo: no default options found in ou=sudo,ou=Access,dc=ldap1,ou=All Servers,ou=Servers,o=Network,dc=xxxx,dc=net
sudo: ldap search '(|(sudoUser=mw)(sudoUser=%staff)(sudoUser=%adm)(sudoUser=ALL))'
sudo: searching from base 'ou=sudo,ou=Access,dc=ldap1,ou=All Servers,ou=Servers,o=Network,dc=xxxx,dc=net'
sudo: nothing found for '(|(sudoUser=mw)(sudoUser=%staff)(sudoUser=%adm)(sudoUser=ALL))'
sudo: ldap search '(sudoUser=+*)'
sudo: searching from base 'ou=sudo,ou=Access,dc=ldap1,ou=All Servers,ou=Servers,o=Network,dc=xxxx,dc=net'
sudo: nothing found for '(sudoUser=+*)'
sudo: sorting remaining 0 entries
sudo: searching LDAP for sudoers entries
sudo: done with LDAP searches
sudo: user_matches=0
sudo: host_matches=0

I still had a look at the source code in plugins/sudoers/ldap.c, but I'm no C programmer. The difference between the parsing of deref and other options seems to be that the deref value could be one of several strings. Other options usually are integer, boolean or string. deref is a string which can have one of the values always, finding, never, ... So the parsing of deref is solved in a different way from the parsing of the other values. There is a special value

#define CONF_DEREF_VAL 5

in line 71 of plugins/sudoers/ldap.c, and this is used in a case from line 115 on:

case CONF_DEREF_VAL

But I don't see a set action there.
Shouldn't deref be set by "ldap_set_options" like the other values? Beginning with line 1740 (/* Set simple LDAP options */) it looks to me like all options are set, but solely if they are of type CONF_BOOL, CONF_INT or CONF_STR. Because deref is CONF_DEREF_VAL, it never gets to the ldap_set_options. Could this be the fault? Is there a case for CONF_DEREF_VAL missing? Similar to the case CONF_STR?

Regards,
Matthias

-- 
Matthias Wamser, Senior Systems Engineer, mailto: m...@ilk.net
ILK Internet GmbH, Am Sandfeld 15 a, D-76149 Karlsruhe
Tel: +49 (0) 721 9100 0, http://www.ilk.net
Managing Director Matthias Felger, AG Mannheim, HRB 107037
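
A constructed C model of the pattern the message asks about, added here as an illustration and not taken from sudo's plugins/sudoers/ldap.c: an option type that is parsed but has no branch in the apply step never reaches the LDAP handle, and a parsed-versus-applied count exposes it. Only the `CONF_*` type names come from the message; the table, `parse_option`, `apply_options`, `run_case` and the `handle_deref` switch are hypothetical.

```c
#include <stdio.h>
#include <string.h>
/* Type names as quoted in the message; table and helpers are constructed. */
enum conf_type { CONF_BOOL, CONF_INT, CONF_STR, CONF_DEREF_VAL };
struct conf_entry { const char *name; enum conf_type type; int parsed, applied, deref; };
static struct conf_entry table[] = {
    { "ldap_version", CONF_INT }, { "tls_checkpeer", CONF_BOOL },
    { "tls_cacertfile", CONF_STR }, { "deref", CONF_DEREF_VAL } };
#define NENTRIES (sizeof(table) / sizeof(table[0]))
/* Index order matches OpenLDAP's LDAP_DEREF_NEVER..LDAP_DEREF_ALWAYS (0..3). */
static const char *deref_names[] = { "never", "searching", "finding", "always" };

/* Parse one key/value pair; -1 for an unknown key or invalid deref keyword. */
static int parse_option(const char *key, const char *val) {
    for (size_t i = 0; i < NENTRIES; i++) {
        struct conf_entry *e = &table[i];
        if (strcmp(key, e->name) != 0) continue;
        if (e->type == CONF_DEREF_VAL) {   /* keyword, not bool/int/string */
            int d = 0;
            while (d < 4 && strcmp(val, deref_names[d]) != 0) d++;
            if (d == 4) return -1;
            e->deref = d;
        }
        e->parsed = 1;   /* value storage for the other types is omitted here */
        return 0;
    }
    return -1;
}

/* Apply step; `applied = 1` stands in for a successful ldap_set_option(). */
static void apply_options(int handle_deref) {
    for (size_t i = 0; i < NENTRIES; i++) {
        if (!table[i].parsed) continue;
        switch (table[i].type) {
        case CONF_BOOL: case CONF_INT: case CONF_STR: table[i].applied = 1; break;
        case CONF_DEREF_VAL: table[i].applied = handle_deref; break;
        }
    }
}

/* Parse a constructed config, apply it, count parsed-but-unapplied options. */
static int run_case(int handle_deref) {
    int missing = 0;
    for (size_t i = 0; i < NENTRIES; i++) table[i].parsed = table[i].applied = 0;
    parse_option("ldap_version", "3"); parse_option("tls_checkpeer", "yes");
    parse_option("tls_cacertfile", "/etc/certs/example.crt"); parse_option("deref", "always");
    apply_options(handle_deref);
    for (size_t i = 0; i < NENTRIES; i++) missing += table[i].parsed && !table[i].applied;
    return missing;
}
int main(void) { printf("unapplied: %d, then %d\n", run_case(0), run_case(1)); return 0; }
```

With `handle_deref` set to 0 the model leaves one parsed option unapplied; with 1 it leaves none.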