Bug#368297: sudo-ldap fails when you change uri to ldaps

ramon vazquez ramonvazquez881 at gmail.com
Wed Sep 24 07:41:17 UTC 2014


Date: Mon, 22 May 2006 08:08:19 +1000
>From: Alexander Samad <alex at samad.com.au>
>-------------
>Body: On Sun, May 21, 2006 at 02:17:04PM -0500, Steve Langasek wrote:
>> On Sun, May 21, 2006 at 07:25:38PM +1000, Alexander Samad wrote:
>> > Package: sudo-ldap
>> > Version: 1.6.8p12-4
>> > Severity: grave
>> > Justification: renders package unusable
>>
>> > I have setup sudo-ldap to use the local ldap db. My /etc/ldap/ldap.conf
>> > has
>>
>> > uri ldap://127.0.0.1
>>
>> > when I change this to
>>
>> > uri ldaps://hufpuf.lan1.hme1.samad.com.au
>>
>> > it fails and I get this with debugging turned on
>>
>> > LDAP Config Summary
>> > ===================
>> > uri          ldaps://hufpuf.lan1.hme1.samad.com.au
>> > ldap_version 3
>> > sudoers_base ou=SUDOers,dc=samad,dc=com,dc=au
>> > binddn       (anonymous)
>> > bindpw       (anonymous)
>> > ssl          (no)
>> > ===================
>> > ldap_initialize(ld,ldaps://hufpuf.lan1.hme1.samad.com.au)
>> > ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,0x03)
>> > ldap_simple_bind_s()=81 : Can't contact LDAP server
>>
>> Why do you say that this is a sudo-ldap bug?  What tests have you done to
>> verify that this isn't a network/firewall bug or a libldap bug?
>
>Hi
>
>I configured a working system to start with.  The ldap server is on the
>same machine, there are no iptable entries. libnss-ldap and libpam-ldap
>work when I make the change from ldap://127.0.0.1 to
>ldaps://hufpuf.lan1.hme1.samad.com.au
>
>When I turn on logging from openldap I notice a connection being made
>and then I notice the connection is closed, no bind is attempted.
>
>I can't rule out a libldap bug; how can I test this?
>
>When I use ldapsearch with anon ldaps:// it works, but it links against
>the 2.2 LDAP libraries.
>
>
>>
>> --
>> Steve Langasek                   Give me a lever long enough and a Free OS
>> Debian Developer                   to set it on, and I can move the world.
>> vorlon at debian.org                                   http://www.debian.org/
>>


More information about the Pkg-gnutls-maint mailing list