openerp-india team mailing list archive

Thread
Date

[Question #249819]: sudo-ldap segfaults in 14.04 and ldap

To: openerp-india@xxxxxxxxxxxxxxxxxxx
From: Raubvogel <question249819@xxxxxxxxxxxxxxxxxxxxx>
Date: Thu, 05 Jun 2014 19:36:49 -0000
Reply-to: question249819@xxxxxxxxxxxxxxxxxxxxx
Sender: bounces@xxxxxxxxxxxxx

New question #249819 on sudo in Ubuntu:
https://answers.launchpad.net/ubuntu/+source/sudo/+question/249819

Dumb question: I am running a reasonably current version of 14.04:

raub@testfirewall:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 14.04 LTS
Release:        14.04
Codename:       trusty
raub@testfirewall:~$  uname -a
Linux testfirewall 3.13.0-27-generic #50-Ubuntu SMP Thu May 15 18:06:16 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
raub@testfirewall:~$

and have before upgrading to 14.04 been using sudo-ldap so network admins can do some work.  However, in 14.04, I am seeing

raub@testfirewall:~$ sudo pwd
sudo: LDAP Config Summary
sudo: ===================
sudo: uri              ldap://kdc.domain.com ldap://kdc2.domain.com
sudo: ldap_version     3
sudo: sudoers_base     ou=SUDOers,dc=domain,dc=com
sudo: binddn           (anonymous)
sudo: bindpw           (anonymous)
sudo: bind_timelimit   3
sudo: timelimit        3
sudo: deref            0
sudo: ssl              start_tls
sudo: tls_cacertfile   /etc/ssl/certs/ca-certificates.crt
sudo: use_sasl         yes
sudo: sasl_auth_id     (NONE)
sudo: rootuse_sasl     -1
sudo: rootsasl_auth_id (NONE)
sudo: sasl_secprops    (NONE)
sudo: krb5_ccname      FILE:/tmp/host.tkt
sudo: ===================
sudo: ldap_set_option: debug -> 0
sudo: ldap_set_option: tls_cacertfile -> /etc/ssl/certs/ca-certificates.crt
sudo: ldap_set_option: tls_cacert -> /etc/ssl/certs/ca-certificates.crt
sudo: ldap_initialize(ld, ldap://kdc.domain.com ldap://kdc2.domain.com)
sudo: ldap_set_option: ldap_version -> 3
sudo: ldap_set_option: timelimit -> 3
sudo: ldap_set_option(LDAP_OPT_TIMEOUT, 3)
sudo: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT, 3)
sudo: ldap_start_tls_s() ok
sudo: sudo_ldap_sasl_interact: SASL_CB_USER 
Segmentation fault (core dumped)

raub@testfirewall:~$ 

>From syslog:
Jun  5 15:16:26 testfirewall kernel: [2068248.457275] sudo[22925]: segfault at 0 ip 00007f2feb02692a sp 00007ffff55073b8 error 4 in libc-2.19.so[7f2feaf9d000+1bc000]

That affects both local and network users. Now, if I disable ldap for sudoers in /etc/nsswitch.conf,

# sudoers:        files ldap
sudoers:        files

I can sudo from a local user with sudo rights. What am I missing here?

-- 
You received this question notification because you are a member of
OpenERP Indian Team, which is an answer contact for sudo in Ubuntu.