The LDAP server is on Centos5.8 and one of client nodes is Centos 6.3. I configured the client node contact LDAP server successfully and the account can be authenticated, but when I type command 'sudo -s' on the client, the system reported : sudo: ldap_sasl_bind_s(): Can't contact LDAP server.

connection between client and server is via ssl through port 636, which I have configured in /etc/nslcd.conf.

I created a sudo group in LDAP server and avoid using local sudo configuration.

I am able to ssh client node using LDAP user, but sudoers cannot be verified, keep asking for password.

More precisely I will post debug messages.

I have already modified /etc/sudo-ldap.conf which should be the configuration file for LDAP in CentOS6.3 to fix a bug reported on CentOS6.1.


$ sudo -s
LDAP Config Summary
=============================
uri ldaps://ldap.frontfoot.net.au:636/
ldap_version 3
sudoers_base ou=sudoers,dc=frontfoot,dc=net,dc=au
binddn (anonymous)
bindpw (anonymous)
bind_timelimit 10000
ssl (no)
=============================
sudo: ldap_set_option: debug->0
sudo: ldap_initializer(ld, ldaps://ldap.frontfoot.net.au:636/)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 10)
sudo: ldap_sasl_bind_s(): Can't contact LDAP server