I can confirm this bug existed in karmic and still exists in lucid, and has gotten worse since /etc/sudo-ldap.conf is now a symbolic link to /etc/ldap/ldap.conf. Not knowing this, I tried to edit /etc/sudo-ldap.conf and change ldaps to ldap, accidentally turning off encryption for all NSS/PAM LDAP activity including passwords!
The page linked above is only partially relevant, since it deals with connection debugging with ldapsearch, which works just fine with ldaps in this case. I did the gnutls-client part and got the following:

Processed 1 CA certificate(s).
Resolving 'mail....de'...
Connecting to '172.16.6.1:636'...
- Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=DE,ST=NRW...,CN=mail....de,email=ad...@mail....de', issuer `C=DE,ST=NRW,...,CN=....de,email=ad...@...de', RSA key 2048 bits, signed using RSA-SHA, activated `2009-11-30 13:22:21 UTC', expires `2010-11-30 13:22:21 UTC', SHA-1 fingerprint `a4f903c0b1169e02172136933781cca3f5c9ca72'
- The hostname in the certificate matches 'mail....de'.
- Peer's certificate is trusted
- Version: TLS1.1
- Key Exchange: RSA
- Cipher: AES-128-CBC
- MAC: SHA1
- Compression: NULL
- Handshake was completed
- Simple Client Mode:

Looks like a perfect connection, I think.

--
sudo-ldap not working with ldaps
https://bugs.launchpad.net/bugs/115967