LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Server (https://www.linuxquestions.org/questions/linux-server-73/)
-   -   sudo: Can't contact LDAP server with SSL and PAM (https://www.linuxquestions.org/questions/linux-server-73/sudo-cant-contact-ldap-server-with-ssl-and-pam-4175445489/)

sebastienliu 01-14-2013 12:47 AM

sudo: Can't contact LDAP server with SSL and PAM
 
The LDAP server is on Centos5.8 and one of client nodes is Centos 6.3. I configured the client node contact LDAP server successfully and the account can be authenticated, but when I type command 'sudo -s' on the client, the system reported : sudo: ldap_sasl_bind_s(): Can't contact LDAP server.

connection between client and server is via ssl through port 636, which I have configured in /etc/nslcd.conf.

I created a sudo group in LDAP server and avoid using local sudo configuration.

I am able to ssh client node using LDAP user, but sudoers cannot be verified, keep asking for password.

sebastienliu 01-15-2013 12:02 AM

More precisely I will post debug messages.

I have already modified /etc/sudo-ldap.conf which should be the configuration file for LDAP in CentOS6.3 to fix a bug reported on CentOS6.1.


$ sudo -s
LDAP Config Summary
=============================
uri ldaps://ldap.frontfoot.net.au:636/
ldap_version 3
sudoers_base ou=sudoers,dc=frontfoot,dc=net,dc=au
binddn (anonymous)
bindpw (anonymous)
bind_timelimit 10000
ssl (no)
=============================
sudo: ldap_set_option: debug->0
sudo: ldap_initializer(ld, ldaps://ldap.frontfoot.net.au:636/)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 10)
sudo: ldap_sasl_bind_s(): Can't contact LDAP server


All times are GMT -5. The time now is 10:44 AM.