Bug 198

Summary: ldap_start_tls_s() fails to connect when users aren't in /etc/shadow
Product: Sudo
Reporter: Eric G Ortego <bugzilla>
Component: Sudo
Assignee: Todd C. Miller <Todd.Miller>
Status: RESOLVED INVALID
Severity: normal
Priority: normal
Version: 1.6.8
Hardware: PC
OS: Linux

Description Eric G Ortego 2005-11-02 10:12:58 MST
All of my users' account information, except for one user, is stored in LDAP.
If I have the following in nsswitch.conf (shadow: files ldap), all users except the
one local one get this error, and sudo falls back to a non-TLS connection anyhow (I
think this is already in another bug).

ldap_start_tls_s(): -11: Connect error

If I remove the local user's entry in /etc/shadow, that user also gets the
Connect error, even if that user has an identical entry in LDAP, which I can
verify with getent shadow.

If I switch the nsswitch.conf entry to shadow: ldap files, everyone gets the
error no matter if they are local or in LDAP.

Comment 1 Eric G Ortego 2005-11-04 10:18:58 MST
I built an identical server using the same directory and am not seeing this
problem. I think this is related to pam_ldap's starttls.