Bug 198 - ldap_start_tls_s() fails to connect when users aren't in /etc/shadow
Status: RESOLVED INVALID
Product: Sudo
Classification: Unclassified
Component: Sudo
Version: 1.6.8
Hardware: PC Linux
Importance: normal normal
Assigned To: Todd C. Miller
Reported: 2005-11-02 10:12 MST by Eric G Ortego
Modified: 2005-11-04 12:18 MST (History)

Description Eric G Ortego 2005-11-02 10:12:58 MST
All of my users' account information, except for 1, is stored in ldap.
If I have the following in nsswitch.conf (shadow: files ldap), all users except the
one local one get this error and sudo falls back to a non-TLS connection anyhow (I
think this is already in another bug).

ldap_start_tls_s(): -11: Connect error

If I remove the local user's entry in /etc/shadow, that user also gets the
Connect error, even if that user has an identical entry in ldap, which I can
verify with getent shadow

If I switch the nsswitch.conf entry to shadow: ldap files, everyone gets the
error no matter if they are local or in ldap.
Comment 1 Eric G Ortego 2005-11-04 10:18:58 MST
I built an identical server using the same directory and am not seeing this
problem. I think this is related to pam_ldap's starttls.