Bug#949519: sudo-ldap: Fails to connect to LDAP : "ldap_sasl_bind_s(): Can't contact LDAP server"

Tue, 21 Jan 2020 08:03:47 -0800 

Package: sudo-ldap
Version: 1.8.27-1+deb10u1
Severity: grave
Justification: renders package unusable


jc@server1:~$ sudo -l
sudo: LDAP Config Summary
sudo: ===================
sudo: uri              ldaps://server2.mydomain.com/ 
ldaps://server3.mydomain.com/
sudo: ldap_version     3
sudo: sudoers_base     ou=SUDOers,dc=mydomain,dc=com
sudo: search_filter    (objectClass=sudoRole)
sudo: netgroup_base (NONE: will use nsswitch)
sudo: netgroup_search_filter (objectClass=nisNetgroup)
sudo: binddn           (anonymous)
sudo: bindpw           (anonymous)
sudo: ssl              (no)
sudo: tls_reqcert    allow
sudo: tls_cacertfile   /etc/ldap/certificates/cacert.pem
sudo: ===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ldap/certificates/cacert.pem
sudo: ldap_set_option: tls_cacert -> /etc/ldap/certificates/cacert.pem
sudo: ldap_initialize(ld, ldaps://server2.mydomain.com/ 
ldaps://server3.mydomain.com/)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option(LDAP_OPT_TIMEOUT, 500)
sudo: ldap_sasl_bind_s(): Can't contact LDAP server
[sudo] password for jc: 
Sorry, user jc may not run sudo on server1.


The same configuration works on a Strecth client.


-- System Information:
Debian Release: 10.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-6-amd64 (SMP w/24 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), 
LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages sudo-ldap depends on:
ii  libaudit1       1:2.8.4-3
ii  libc6           2.28-10
ii  libldap-2.4-2   2.4.47+dfsg-3+deb10u1
ii  libpam-modules  1.3.1-5
ii  libpam0g        1.3.1-5
ii  libselinux1     2.8-1+b1
ii  lsb-base        10.2019051400

sudo-ldap recommends no packages.

sudo-ldap suggests no packages.

-- no debconf information


-- IMPORTANT NOTICE: 

The contents of this email and any attachments are confidential and may also be 
privileged. If you are not the intended recipient, please notify the sender 
immediately and do not disclose the contents to any other person, use it for 
any purpose, or store or copy the information in any medium. Thank you.

Reply via email to