Bug 523 - DNS SRV Record Support
Status: ASSIGNED
Product: Sudo
Classification: Unclassified
Component: Sudoers
Version: 1.8.3
Hardware: PC Linux
Importance: low normal
Assigned To: Todd C. Miller
Depends on:
Blocks:
Reported: 2011-11-23 19:03 MST by James Cape
Modified: 2011-11-24 08:51 MST
Description James Cape 2011-11-23 19:03:03 MST
OpenLDAP 2.4 supports LDAP URIs in the form of ldap:///dc=example,dc=com (albeit URI escaped), which would transparently perform a DNS SRV lookup against _ldap._tcp.example.com, if given directly to ldap_initialize().

Unfortunately, Sudo's LDAP plugin is being too clever about its URI handling, which precludes this useful and otherwise valid input.

I'd recommend simply removing the URL munging stuff altogether (i.e. ldap.c:sudo_ldap_parse_uri) and replacing it with a simple URI string as provided by the user, but I'm not sure what else that would break.

- jmc
Comment 1 Todd C. Miller 2011-11-24 08:51:35 MST
Actually, if you look closely you'll see that sudo_ldap_parse_uri() is only used for LDAP libraries that lack ldap_initialize(), which is specific to OpenLDAP.  If you set

sudoers_debug 2

in ldap.conf you should see a debugging line with the argument passed to ldap_initialize().
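As an added illustration of the behaviour the report relies on (this is example code, not part of sudo or OpenLDAP): a host-less URI such as ldap:///dc=example,dc=com, whether escaped or not, resolves to the SRV owner name _ldap._tcp.example.com, while a URI that names a host does not trigger an SRV lookup. The function name ldap_uri_to_srv_name is hypothetical, and a fixed DN buffer is assumed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Percent-decode src into dst (dstlen bytes); -1 if dst would overflow. */
static int pct_decode(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    for (; *src != '\0' && *src != '?'; n++) {       /* '?' starts attrs/scope/filter */
        if (n + 1 >= dstlen)
            return -1;
        if (*src == '%' && isxdigit((unsigned char)src[1]) && isxdigit((unsigned char)src[2])) {
            char hex[3] = { src[1], src[2], '\0' };
            dst[n] = (char)strtol(hex, NULL, 16);
            src += 3;
        } else
            dst[n] = *src++;
    }
    dst[n] = '\0';
    return 0;
}

/* Hypothetical helper: map a host-less LDAP URI ("ldap:///dn", possibly URI-escaped) to
 * the SRV owner name OpenLDAP would query, "_ldap._tcp." plus the dc= values of the DN
 * joined by dots.  Returns 0 on success; -1 when the URI names a host, is not ldap:,
 * carries no dc= component, or the result does not fit (no SRV lookup applies then). */
int ldap_uri_to_srv_name(const char *uri, char *out, size_t outlen)
{
    char dn[256], *rdn, *next;
    size_t used, dcs = 0;
    if (strncmp(uri, "ldap:///", 8) != 0 || pct_decode(uri + 8, dn, sizeof dn) != 0)
        return -1;
    used = (size_t)snprintf(out, outlen, "_ldap._tcp");
    for (rdn = dn; rdn != NULL && used < outlen; rdn = next) {
        if ((next = strchr(rdn, ',')) != NULL)
            *next++ = '\0';                          /* split the DN into its RDNs */
        while (*rdn == ' ')
            rdn++;
        if (tolower((unsigned char)rdn[0]) != 'd' || tolower((unsigned char)rdn[1]) != 'c' || rdn[2] != '=')
            continue;                                /* cn=, ou=, ... name no domain label */
        used += (size_t)snprintf(out + used, outlen - used, ".%s", rdn + 3);
        dcs++;
    }
    return (dcs > 0 && used < outlen) ? 0 : -1;
}
```

Comparing this derived name against the argument that `sudoers_debug 2` shows being passed to ldap_initialize() tells you whether the URI reached the library intact.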