[Pkg-openldap-devel] Bug#545414: sudo-ldap: sudo fails with "sudo: setreuid(ROOT_UID, user_uid): Operation not permitted" for ldap users

Arthur de Jong adejong at debian.org
Mon Dec 27 15:15:38 UTC 2010


On Fri, 2010-12-10 at 15:31 +0100, Arthur de Jong wrote:
> If no-one thinks it is a bad idea I can change the earlier text to be a
> recommendation to switch to nss-pam-ldapd instead of a proposed
> workaround.

I've updated the patch to the release notes (attached) to become a
recommendation to switch to nss-pam-ldapd.

Note that I don't think this will totally fix the problem with sudo-ldap
(haven't checked) because it will still do LDAP searches to retrieve the
sudoers information. If those searches go over SSL/TLS the problem will
still be triggered.

Dear release notes team, should this change be committed to the release
notes?

Also, do you think it is a good idea to highlight the switch to
nss-pam-ldapd a bit more in the "What's new" section? I think it should
also be a good idea to switch for people not affected by this specific
problem. I can provide a patch if needed.

Thanks.

-- 
-- arthur - adejong at debian.org - http://people.debian.org/~adejong --
-------------- next part --------------
A non-text attachment was scrubbed...
Name: release-notes-ldap-support.patch
Type: text/x-patch
Size: 2878 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-openldap-devel/attachments/20101227/8b1119aa/attachment.bin>