[Pkg-openldap-devel] Bug#545414: sudo-ldap: sudo fails with "sudo: setreuid(ROOT_UID, user_uid): Operation not permitted" for ldap users
David Adam
zanchey at ucc.gu.uwa.edu.au
Mon Dec 6 15:59:09 UTC 2010
This bit us on trial upgrades to Squeeze, and as this has not yet been
fixed I would strongly recommend a section in the release notes on
"Possible issues during upgrade" or "Issues to be aware of for squeeze",
perhaps along the following lines:

"libnss-ldap and libpam-ldap: updates to the cryptography libraries mean
that any programs which attempt to change their effective privileges,
including sudo(8), may fail when libnss-ldap is configured to use an LDAP
server using TLS or SSL.

To work around this problem, you can replace libnss-ldap with
libnss-ldapd, a newer library which uses a separate daemon (nslcd) for all
LDAP lookups. The replacement for libpam-ldap is libpam-ldapd.

Note that libnss-ldapd recommends the NSS caching daemon, nscd, which you
should evaluate for suitability in your environment before installing.

Further information is available in bugs #566351 and #545414."

David Adam
UCC Wheel Member
zanchey at ucc.gu.uwa.edu.au
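
A pre-upgrade check for the condition the proposed release note describes (NSS lookups through ldap with TLS or SSL enabled), added here as an example and not part of the original mail or of any Debian tooling. The function names, the file paths in the final comment, and the nss_ldap `uri` and `ssl` keywords are assumptions not stated in the message.

```shell
#!/bin/sh
# Added example: flags hosts matching the condition described in the mail
# (libnss-ldap configured to use an LDAP server over TLS or SSL).
# Assumption: the LDAP config file uses the nss_ldap "uri" and "ssl" keywords.

# nss_uses_ldap FILE: succeed if passwd, group or shadow lists the "ldap" source.
nss_uses_ldap() {
    awk '
        { sub(/#.*/, "") }                       # drop comments
        $1 ~ /^(passwd|group|shadow):$/ {
            for (i = 2; i <= NF; i++) if ($i == "ldap") hit = 1
        }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# ldap_conf_uses_tls FILE: succeed if FILE names an ldaps:// URI
# or sets "ssl" to on/yes/true/start_tls (keywords matched case-insensitively).
ldap_conf_uses_tls() {
    awk '
        { sub(/#.*/, ""); key = tolower($1); val = tolower($2) }
        key == "uri" {
            for (i = 2; i <= NF; i++) if (tolower($i) ~ /^ldaps:\/\//) hit = 1
        }
        key == "ssl" && val ~ /^(on|yes|true|start_tls)$/ { hit = 1 }
        END { exit (hit ? 0 : 1) }
    ' "$1"
}

# check_host NSSWITCH LDAPCONF: print a verdict; return 0 when both conditions hold.
check_host() {
    if [ -r "$1" ] && [ -r "$2" ] && nss_uses_ldap "$1" && ldap_conf_uses_tls "$2"; then
        echo "affected: NSS uses ldap and $2 enables TLS/SSL"
        return 0
    fi
    echo "not matched"
    return 1
}

# Typical call on a Debian host (paths are assumptions):
#   check_host /etc/nsswitch.conf /etc/libnss-ldap.conf
```

libnss-ldapd also registers the `ldap` source in nsswitch.conf, so confirm which package is installed (for example with `dpkg -s libnss-ldap`) before acting on a match.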