I set "SUDOERS_DEBUG 2" in /etc/sudo-ldap.conf and found out the
problem. First, sudo-ldap failed to verify the server certificate,
even though I had specified a CA cert. Second, it ignored the option
not to verify the certificate as well.
A closer look at the manpage of sudo-ldap reveals that the standard
ldap.conf and sudo-ldap use different options for the same thing.
Standard ldap.conf uses TLS_CACERT, while sudo-ldap uses TLS_CACERTFILE.
The standard is TLS_REQCERT (yes/no), while sudo-ldap uses TLS_CHECKPEER
(yes/no).
I now have TLS_CACERT as well as TLS_CACERTFILE and it works.
I don't know whether the standards have changed recently and sudo-ldap
in lucid is ahead of its time, but this should be unified in any case.
** Changed in: sudo (Ubuntu)
Status: Incomplete => Confirmed
--
sudo-ldap not working with ldaps
https://bugs.launchpad.net/bugs/115967
--
ubuntu-bugs mailing list
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
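The option-name mismatch described in the report is easy to re-introduce on the next host, so here is a small lint for /etc/sudo-ldap.conf. This is an added example, not code from the bug report or from the sudo package: the only facts it relies on are the ones stated above (OpenLDAP's ldap.conf reads TLS_CACERT and TLS_REQCERT, sudo-ldap reads TLS_CACERTFILE and TLS_CHECKPEER yes/no); the hostnames, paths and file contents are constructed for the demonstration, and the suggestion to add "TLS_CHECKPEER yes" when neither option is set is a hardening recommendation, not sudo-ldap's documented default.

```shell
#!/bin/sh
# Added example (not from the bug report or the sudo package): find the
# ldap.conf/sudo-ldap option-name mismatch in a sudo-ldap.conf and print
# the sudo-ldap lines that still need to be added. A file that carries
# only the ldap.conf spellings fails certificate verification and also
# ignores any request to skip it, which is exactly the report's symptom.

# conf_get FILE KEY: print KEY's value (case-insensitive, first match,
# comment lines skipped); prints nothing when the key is absent.
conf_get() {
    awk -v key="$2" \
        '$1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }' "$1"
}

# sudo_ldap_tls_fixups FILE: print the sudo-ldap option lines FILE still
# needs for a verified ldaps:// connection. Returns 0 when nothing is
# missing, 1 when the printed lines should be appended to FILE.
sudo_ldap_tls_fixups() {
    file=$1
    missing=0
    cacert=$(conf_get "$file" TLS_CACERT)
    cacertfile=$(conf_get "$file" TLS_CACERTFILE)
    reqcert=$(conf_get "$file" TLS_REQCERT)
    checkpeer=$(conf_get "$file" TLS_CHECKPEER)

    if [ -z "$cacertfile" ]; then
        missing=1
        if [ -n "$cacert" ]; then
            # The CA is configured, but under the name sudo-ldap does not read.
            echo "TLS_CACERTFILE $cacert"
        else
            echo "# no CA certificate configured: add TLS_CACERTFILE /path/to/ca.pem"
        fi
    fi

    if [ -z "$checkpeer" ]; then
        # sudo-ldap ignores TLS_REQCERT, so restate the intent in its own
        # option. "never"/"no" in ldap.conf means "do not verify"; anything
        # else (and the absent case, as a recommendation) becomes "yes".
        missing=1
        case "$reqcert" in
            never|no) echo "TLS_CHECKPEER no" ;;
            *)        echo "TLS_CHECKPEER yes" ;;
        esac
    fi
    return $missing
}

# Demonstration on a constructed copy of the broken configuration from the
# report (hostname, base DN and CA path are made up).
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
URI ldaps://ldap.example.com
SUDOERS_BASE ou=SUDOers,dc=example,dc=com
SUDOERS_DEBUG 2
TLS_CACERT /etc/ssl/certs/ca.pem
TLS_REQCERT demand
EOF
if sudo_ldap_tls_fixups "$tmp"; then
    echo "$tmp: nothing to add"
else
    echo "$tmp: append the lines above to /etc/sudo-ldap.conf"
fi
rm -f "$tmp"
```

Keeping both spellings in the file, as the report ends up doing, is harmless: OpenLDAP ignores the sudo-ldap names and sudo-ldap ignores the OpenLDAP ones, and the lint reports nothing once TLS_CACERTFILE and TLS_CHECKPEER are present.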