
sebastienliu 01-14-2013 01:47 AM

sudo: Can't contact LDAP server with SSL and PAM
The LDAP server is on CentOS 5.8 and one of the client nodes is CentOS 6.3. I configured the client node to contact the LDAP server successfully and the account can be authenticated, but when I type the command 'sudo -s' on the client, the system reports: sudo: ldap_sasl_bind_s(): Can't contact LDAP server.

The connection between client and server is via SSL through port 636, which I have configured in /etc/nslcd.conf.

I created a sudo group on the LDAP server and avoided using the local sudo configuration.

I am able to ssh to the client node as an LDAP user, but sudoers cannot be verified; it keeps asking for a password.

sebastienliu 01-15-2013 01:02 AM

More precisely, I will post the debug messages.

I have already modified /etc/sudo-ldap.conf, which should be the configuration file for LDAP in CentOS 6.3, to fix a bug reported on CentOS 6.1.

$ sudo -s
LDAP Config Summary
uri ldaps://
ldap_version 3
sudoers_base ou=sudoers,dc=frontfoot,dc=net,dc=au
binddn (anonymous)
bindpw (anonymous)
bind_timelimit 10000
ssl (no)
sudo: ldap_set_option: debug->0
sudo: ldap_initializer(ld, ldaps://
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 10)
sudo: ldap_sasl_bind_s(): Can't contact LDAP server
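A sanity check for the "LDAP Config Summary" lines above, added here as an example (not from the thread and not part of sudo): a POSIX shell audit that runs offline on a copy of the posted output. The posted uri shows no host after ldaps://, whether that is the real setting or was lost in posting; the audit flags it either way, along with the missing CA settings and the anonymous bind. The helper names summary_get and audit_summary are hypothetical.

```shell
#!/bin/sh
# Heuristic audit of the "LDAP Config Summary" that sudo prints when sudoers_debug is set.
# Hypothetical helpers (summary_get, audit_summary); not part of sudo or of the thread.
# Constructed sample: the summary exactly as posted (note: no host after ldaps://).
SAMPLE_SUMMARY='LDAP Config Summary
uri ldaps://
ldap_version 3
sudoers_base ou=sudoers,dc=frontfoot,dc=net,dc=au
binddn (anonymous)
bindpw (anonymous)
bind_timelimit 10000
ssl (no)'

# summary_get SUMMARY KEY -> value of KEY (first match); empty when sudo did not print it
summary_get() {
    printf '%s\n' "$1" | awk -v k="$2" '$1 == k { sub(/^[^ \t]+[ \t]*/, ""); print; exit }'
}

# audit_summary SUMMARY -> one finding per line on stdout; exit status = number of findings
audit_summary() {
    s=$1; n=0
    uri=$(summary_get "$s" uri); ssl=$(summary_get "$s" ssl)
    binddn=$(summary_get "$s" binddn)
    cafile=$(summary_get "$s" tls_cacertfile); cadir=$(summary_get "$s" tls_cacertdir)
    host=${uri#*://}; host=${host%%/*}
    case "$uri" in
        ldap://*|ldaps://*)
            # libldap treats an empty host as localhost, so a truncated uri never reaches the server
            if [ -z "$host" ]; then
                echo "no host in uri '$uri': libldap will connect to localhost"; n=$((n + 1))
            fi ;;
    esac
    case "$uri" in
        ldaps://*)
            # Without a CA to verify the server certificate, libldap aborts the TLS handshake
            # and reports only the generic "Can't contact LDAP server"
            if [ -z "$cafile" ] && [ -z "$cadir" ]; then
                echo "no tls_cacertfile/tls_cacertdir: server certificate trust relies on ldap.conf"; n=$((n + 1))
            fi ;;
        ldap://*)
            [ "$ssl" = "(no)" ] && { echo "sudoers lookups over cleartext ldap://: use ssl start_tls"; n=$((n + 1)); } ;;
    esac
    # Anonymous bind only works when the server ACLs allow anonymous reads of sudoers_base
    if [ "$binddn" = "(anonymous)" ]; then
        echo "anonymous bind: server must allow anonymous read of sudoers_base, else set binddn/bindpw"; n=$((n + 1))
    fi
    return "$n"
}

audit_summary "$SAMPLE_SUMMARY" || echo "findings: $?"
```

The exit status of audit_summary is the number of findings, so it can gate a provisioning script; the posted summary yields three.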
