Reproducing:

1. Install an OpenLDAP server that speaks LDAP over SSL.

2. Install Debian Testing or Unstable and configure it to be an LDAP client that connects to its LDAP server via SSL.

3. Log into the Debian system created in step using an LDAP account, not an account in /etc/passwd.

4. Attempt to use sudo. You will see unexpected results:

    $ sudo id
    [sudo] password for user:
    sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
    sudo: unable to open /var/lib/sudo/user/1: Operation not permitted
    sudo: unable to set gid to runas gid 0: Operation not permitted
    sudo: unable to execute /usr/bin/id: Operation not permitted
    $

5. Patch system:

    apt-get build-dep libgnutls26
    apt-get source gnutls26

   to fetch the source for gnutls26-2.12.14, then chop out --with-libgcrypt from the debian/rules file and rebuild gnutls26

    debuild -i -uc -us -b

   and install the resulting .deb files.

6. Attempt to use sudo. You will see expected results:

    $ sudo id
    [sudo] password for user:
    uid=0(root) gid=0(root) groups=0(root)
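The following is an added example, not part of the original report: two shell helpers for scripting steps 4 to 6, one that removes --with-libgcrypt from a debian/rules file and one that classifies captured `sudo id` output as the step 4 failure or the step 6 result. The function names and the sample rules line (with its placeholder flags) are constructed for illustration and are not the real contents of the gnutls26 package.

```shell
#!/bin/sh
# Added example: helper names and sample data are hypothetical.

# Step 5: remove the --with-libgcrypt configure flag from a debian/rules file.
# Returns 0 if the flag was present and removed, 1 if it was not found.
strip_libgcrypt_flag() {
    rules=$1
    grep -q -e '--with-libgcrypt' "$rules" || return 1
    tmp=$(mktemp) || return 2
    # Drop the flag together with the whitespace in front of it.
    sed -e 's/[[:space:]]*--with-libgcrypt//g' "$rules" > "$tmp" &&
        cat "$tmp" > "$rules"   # write back in place, keeping mode and owner
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Steps 4 and 6: classify `sudo id` output read from stdin
# (capture it with 2>&1, since sudo writes its errors to stderr).
#   affected - the setresuid "Operation not permitted" failure from step 4
#   ok       - the uid=0(root) result from step 6
#   unknown  - anything else
classify_sudo_output() {
    out=$(cat)
    case $out in
        *"setresuid("*"Operation not permitted"*) echo affected ;;
        *"uid=0(root)"*) echo ok ;;
        *) echo unknown ;;
    esac
}

# Demo on constructed input (placeholder flags, not the real debian/rules).
demo=$(mktemp)
printf './configure --placeholder-a --with-libgcrypt --placeholder-b\n' > "$demo"
strip_libgcrypt_flag "$demo" && cat "$demo"
rm -f "$demo"
printf 'sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted\n' |
    classify_sudo_output
```

On the patched system, `sudo id 2>&1 | classify_sudo_output` should print `ok` once the rebuilt packages are installed.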

