Red Hat Bugzilla – Bug 971013
sudo and nss_ldap use different ldap.conf
Last modified: 2014-06-13 05:56:29 EDT
+++ This bug was initially created as a clone of Bug #652687 +++
Description of problem:
When configuring a system for ldap lookups in PAM, sudo requires admin to have both /etc/ldap.conf and /etc/nss_ldap.conf
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Configure system for ldap auth via nss_ldap (/etc/nss_ldap.conf)
2. Attempt to use sudo (fail)
3. cat /etc/nss_ldap.conf > /etc/ldap.conf
4. attempt to use sudo (win)
nss_ldap and sudo use different ldap config files
In the 1st shell:
$ sudo -i
# ps -ef | grep <username>
# strace -o /tmp/strace.out -f -s99 -p <pid-of-bash>
In the 2nd shell:
$ sudo uptime
In the 1st shell:
CTRL-C to detach strace, then
# egrep 'ldap\.conf' /tmp/strace.out
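As an added example (not part of the bug report), a shell function that summarises the strace log produced by the steps above: for each traced pid it lists every ldap config file the process tried to open and whether the open succeeded, which makes the split between /etc/ldap.conf and /etc/nss_ldap.conf visible at a glance. It assumes the `strace -o ... -f` line format (pid prefix, then the syscall); the sample log is constructed.

```shell
#!/bin/sh
# Added example, not code from the bug report. Summarise which LDAP config
# files each traced process opened in an "strace -o FILE -f" log and whether
# the open succeeded. Expected input line shape (pid prefix from -f/-o):
#   4711 open("/etc/ldap.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
#   4711 open("/etc/nss_ldap.conf", O_RDONLY) = 4
# Output: one "<pid> <path> <ok|missing>" line per distinct (pid, path), sorted.
ldap_conf_opens() {
    awk '
        /open(at)?\(.*"[^"]*ldap[a-z_]*\.conf"/ {
            pid = $1
            match($0, /"[^"]*ldap[a-z_]*\.conf"/)
            path = substr($0, RSTART + 1, RLENGTH - 2)   # strip the quotes
            status = ($0 ~ /= -1 ENOENT/) ? "missing" : "ok"
            print pid, path, status
        }
    ' "$1" | LC_ALL=C sort -u
}

# Constructed sample log (not real strace output from the reporter) of the
# shape the procedure above produces: sudo (pid 4711) finds nss_ldap's file
# but not its own /etc/ldap.conf; a child (pid 4712) reads nss_ldap.conf.
make_sample() {
    cat > "$1" <<'EOF'
4711 execve("/usr/bin/sudo", ["sudo", "uptime"], [/* 20 vars */]) = 0
4711 open("/etc/nsswitch.conf", O_RDONLY) = 3
4711 open("/etc/nss_ldap.conf", O_RDONLY) = 4
4711 open("/etc/ldap.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
4711 open("/etc/sudoers", O_RDONLY) = 5
4712 open("/etc/nss_ldap.conf", O_RDONLY) = 3
EOF
}

# Usage: make_sample /tmp/sample.out && ldap_conf_opens /tmp/sample.out
# On a live system, point ldap_conf_opens at /tmp/strace.out instead.
```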
nss_ldap and sudo should use same ldap configuration
(either /etc/nss_ldap.conf OR /etc/ldap.conf, but not both)
With %build of the spec file for sudo-1.7.4p4, configure specifies "--with-ldap" but does not specify "--with-ldap-conf-file" to be consistent with nss_ldap.
The outcome is that a single ldap configuration must exist in two places:
/etc/ldap.conf for sudo
/etc/nss_ldap.conf for nss_ldap
This request was resolved in Red Hat Enterprise Linux 7.0.
Contact your manager or support representative in case you have further questions about the request.