Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


#Power

Newest sudo version requires ldap ?

  • 1.  Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 04:55 AM
    Hello,

    We are working on an AIX 7.2 LPAR.

    We are happy YUM is installed.
    We are happy sudo is also installed under the control of YUM.

    But it seems that sudo requires ldap ??? or open_ldap ???
    I can see that sudo requires installed openldap...

    Did we miss something?

    Is sudo supposed to work with the ldap AIX filesets or open_ldap?

    We thank you very much for your help,

    christophe

    root@apcci077:/root#rpm -ev openldap-2.4.48-1.ppc --test
    error: Failed dependencies:
    liblber.a(liblber-2.4.so.2) is needed by (installed) sudo-1.8.31p1-1.ppc
    libldap.a(libldap-2.4.so.2) is needed by (installed) sudo-1.8.31p1-1.ppc
    openldap >= 2.4.48-1 is needed by (installed) sudo-1.8.31p1-1.ppc
    root@apcci077:/root#

    root@apcci077:/root#sudo -l
    sudo: error in /etc/sudo.conf, line 0 while loading plugin "sudoers_policy"
    sudo: unable to load /opt/freeware/libexec/sudo/sudoers.so: Could not load module /opt/freeware/libexec/sudo/sudoers.so.
    Dependent module /opt/IBM/ldap/V6.4/lib64/libldap.a(libldap-2.4.so.2) could not be loaded.
    File /opt/IBM/ldap/V6.4/lib64/libldap.a is not an
    archive or the file could not be read properly.
    System error: Exec format error
    Could not load module /opt/freeware/libexec/sudo/sudoers.so.
    Dependent module /opt/freeware/libexec/sudo/sudoers.so could not be loaded.
    sudo: fatal error, unable to load plugins
    root@apcci077:/root

    root@apcci077:/root#rpm -qi sudo
    Name : sudo
    Version : 1.8.31p1
    Release : 1
    Architecture: ppc
    Install Date: Fri Oct 16 14:39:28 CEST 2020
    Group : Applications/System
    Size : 6743889
    License : IBM_ILA
    Signature : (none)
    Source RPM : sudo-1.8.31p1-1.src.rpm
    Build Date : Wed Jun 3 08:04:16 CEST 2020
    Build Host : pokndd10.pok.stglabs.ibm.com
    Relocations : /opt/freeware
    URL : http://www.sudo.ws
    Summary : Allows restricted root access for specified users.
    Description :
    Sudo (superuser do) allows a system administrator to give certain users (or
    groups of users) the ability to run some (or all) commands as root while
    logging all commands and arguments. Sudo operates on a per-command basis. It
    is not a replacement for the shell. Features include: the ability to restrict
    what commands a user may run on a per-host basis, copious logging of each
    command (providing a clear audit trail of who did what), a configurable timeout
    of the sudo command, and the ability to use the same configuration file
    (sudoers) on many different machines.
    root@apcci077:/root#


    root@apcci077:/root#lslpp -L | grep -i ldap
    idsldap.clt32bit64.rte 6.4.0.20 C F Directory Server - 32 bit
    idsldap.clt64bit64.rte 6.4.0.20 C F Directory Server - 64 bit
    idsldap.clt_max_crypto32bit64.rte
    idsldap.clt_max_crypto64bit64.rte
    idsldap.cltbase64.adt 6.4.0.20 C F Directory Server - Base Client
    idsldap.cltbase64.rte 6.4.0.20 C F Directory Server - Base Client
    idsldap.cltjava64.rte 6.4.0.20 C F Directory Server - Java Client
    idsldap.license64.rte 6.4.0.20 C F Directory Server - License
    openldap 2.4.48-1 C R The configuration files,
    for OpenLDAP (/bin/rpm)
    root@apcci077:/root#oslevel -s
    7200-04-01-1939
    root@apcci077:/root#


    root@apcci077:/root#rpm -qa
    db-4.8.24-3.ppc
    curl-7.52.1-1.ppc
    readline-6.1-2.ppc
    python-2.7.10-1.ppc
    python-tools-2.7.10-1.ppc
    python-urlgrabber-3.10.1-1.noarch
    pysqlite-1.1.7-2.ppc
    yum-3.4.3-7.noarch
    test-dummy-1.1-5.ppc
    zlib-1.2.11-1.ppc
    xz-libs-5.2.5-1.ppc
    ncurses-6.2-1.ppc
    libunistring-0.9.9-2.ppc
    bash-5.0-1.ppc
    gettext-0.19.8.1-5.ppc
    cyrus-sasl-2.1.26-3.ppc
    sudo-1.8.31p1-1.ppc
    lpar2rrd-agent-6.15-2.ppc
    gdbm-1.8.3-5.ppc
    ca-certificates-2016.10.7-2.ppc
    sqlite-3.15.2-1.ppc
    python-devel-2.7.10-1.ppc
    python-pycurl-7.19.3-1.ppc
    python-iniparse-0.4-1.noarch
    yum-metadata-parser-1.1.4-2.ppc
    AIX-rpm-7.2.4.0-7.ppc
    libgcc-8.3.0-2.ppc
    libffi-3.2.1-3.ppc
    libstdc++-8.3.0-2.ppc
    glib2-2.56.1-2.ppc
    libxml2-2.9.9-1.ppc
    libiconv-1.16-1.ppc
    info-6.6-2.ppc
    openldap-2.4.48-1.ppc
    root@apcci077:/root#





    ------------------------------
    christophe derouet
    ------------------------------

    #AIXOpenSource


  • 2.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 05:13 AM
    There are two sudo packages, "sudo & sudo_ids", available in the Toolbox.
    sudo depends on openldap and sudo_ids depends on IBM ldap. Both conflict, so users can have only one sudo on their machine.

    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 06:59 AM
    Thank you very much Ayappan.

    That means we should not look at the LDAP AIX filesets, as we want to work with sudo (not sudo_ids).

    Should we try this?

    "To resolve this error, export the library path LIBPATH=/opt/freeware/lib:$LIBPATH by running the export command."

    At this time we have this:

    root@apcci077:/opt/freeware/libexec/sudo#echo $LIBPATH
    :/opt/IBM/ldap/V6.4/lib64:/opt/IBM/ldap/V6.4/lib
    root@apcci077:/opt/freeware/libexec/sudo#


    Or would you have another idea?




    ------------------------------
    christophe derouet
    ------------------------------



  • 4.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 07:24 AM
    Both sudo_ids & sudo are the same open-source sudo package. Only the rpm name is set as "sudo_ids".
    If you want sudo that works with IBM ldap, then install sudo_ids. If you want sudo that works with openldap, then install sudo.

    Don't export LIBPATH to make "sudo" link against IBM ldap. It won't work.

    ------------------------------
    Ayappan P
    ------------------------------



  • 5.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 07:41 AM
    Ayappan, I have changed nothing. So you can see that our $LIBPATH contains "a link" to IBM LDAP.

    root@apcci077:/opt/freeware/libexec/sudo#echo $LIBPATH
    :/opt/IBM/ldap/V6.4/lib64:/opt/IBM/ldap/V6.4/lib
    root@apcci077:/opt/freeware/libexec/sudo#

    I suppose I have to update our LIBPATH so that it will contain "a link" to OPEN LDAP?

    Then our sudo rpm package will work with the open_LDAP package, not the IBM LDAP filesets...

    Or is there another solution?


    ------------------------------
    christophe derouet
    ------------------------------



  • 6.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 08:02 AM
    There is no need for any LIBPATH here. 
    If you have IBM ldap configured for sudo, remove sudo rpm and install sudo_ids rpm.
    If you are using sudo with no ldap configuration, then any sudo rpm will be fine.

    ------------------------------
    Ayappan P
    ------------------------------



  • 7.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 08:33 AM
    I think it depends. Do you really want to use only openldap, or do you wish to use IBM ldap?
    I think in this configuration, as IBM ldap is already installed and configured, it makes more sense.
    Would it not be a better idea to use sudo_ids (sudo with IBM ldap)?
    Because modifying LIBPATH can lead to unexpected results.
    One solution is to use LIBPATH (for openldap) only for sudo and not for anything else.
    Hence you should have something like
    # LIBPATH=<your libpath> sudo
    Make it an alias or something so that it is always used by sudo, but you need to be careful that your environment is not affected by openldap, because other applications might be using IBM LDAP, and if you change LIBPATH globally they might be affected.

    So the solutions are
    1. Either use sudo with IBM ldap (sudo_ids)
    2. Use LIBPATH with the openldap library path only for sudo.

    Hope this will help.

    ------------------------------
    SANKET RATHI
    ------------------------------



  • 8.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 08:48 AM
    We have decided to remove sudo and open_ldap.
    We have decided to install sudo_ids so that we will work with the IBM AIX LDAP filesets.

    It seems to be better, but we have the error below: it is OK under the root account but not the psiderouet account...

    root@apcci077:/etc#sudo -l
    Matching Defaults entries for root on apcci077:
    log_host, log_year, syslog=local6, !env_reset, mailto=root, mailsub="*** SUDO SECURITY ALERT on %h ***", mail_no_perms, mail_no_user, mail_badpass

    User root may run the following commands on apcci077:
    (ALL) ALL
    root@apcci077:/etc#

    root@apcci077:/etc#su - psiderouet
    psiderouet@apcci077:/home/psiderouet#sudo -l
    Could not load program sudo:
    Dependent module libibmldap.a could not be loaded.
    Could not load module libibmldap.a.
    System error: No such file or directory
    psiderouet@apcci077:/home/psiderouet#




    ------------------------------
    christophe derouet
    ------------------------------



  • 9.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 09:08 AM
    Make sure you have IBM ldap libraries symbolic links created in /usr/lib.
    Use "idslink" command from IBM ldap filesets to create those links.

    ------------------------------
    Ayappan P
    ------------------------------



  • 10.  RE: Newest sudo version requires ldap ?

    Posted Mon October 19, 2020 10:37 AM
    We tried the idslink command below and everything is OK now.
    I thank you very much for your help,

    Then run the idslink commands below:
    # cd /opt/IBM/ldap/V6.4/bin
    # ./idslink -i -g -l 64 -f
    # ./idslink -i -g -l 32 -f


    ------------------------------
    christophe derouet
    ------------------------------
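Added example, not code from the thread or from the Toolbox packages: a POSIX sh check that the IBM LDAP client library sudo_ids needs (libibmldap.a, the one named in the unprivileged-user error in post 8) resolves from the system library directory, which is the condition the idslink run in the last post establishes. The directory names are parameters and the demo at the bottom runs against a constructed tree; on the real system the arguments would be /usr/lib and /opt/IBM/ldap/V6.4 from the thread.

```shell
#!/bin/sh
# Added example (not part of the thread). Verifies that the IBM LDAP
# client library sudo_ids needs is reachable from the system library
# directory, which is what "idslink" sets up. This matters because a
# set-uid program such as sudo is loaded without honouring the caller's
# LIBPATH (like LD_LIBRARY_PATH on Linux), so a library that root can
# find only through LIBPATH is invisible to an ordinary user.
# Directory names are parameters so the check can run on a constructed tree.

# check_ldap_links SYSLIBDIR IDSLIBDIR LIB...
# Returns 0 only if every LIB in SYSLIBDIR is a symbolic link whose
# target is a readable file inside IDSLIBDIR; otherwise reports and returns 1.
check_ldap_links() {
    syslib=$1; idslib=$2; shift 2
    rc=0
    for lib in "$@"; do
        link="$syslib/$lib"
        if [ ! -L "$link" ]; then
            echo "MISSING: $link is not a symbolic link (run idslink)"; rc=1
            continue
        fi
        # "ls -ld" on a symlink ends in "name -> target"; portable where readlink is absent
        target=$(ls -ld "$link" | sed 's/.* -> //')
        case "$target" in
            "$idslib"/*) ;;
            *) echo "WRONG TARGET: $link -> $target (expected under $idslib)"; rc=1; continue ;;
        esac
        if [ ! -r "$target" ]; then
            echo "DANGLING: $link -> $target is not readable"; rc=1
            continue
        fi
        echo "OK: $link -> $target"
    done
    return $rc
}

# Demo on a constructed tree (nothing under /usr/lib is touched).
demo_tree=$(mktemp -d)
mkdir -p "$demo_tree/ids/lib64" "$demo_tree/usr/lib"
echo "constructed stand-in, not a real AIX archive" > "$demo_tree/ids/lib64/libibmldap.a"
if check_ldap_links "$demo_tree/usr/lib" "$demo_tree/ids" libibmldap.a; then
    echo "unexpected: link not created yet"
fi
ln -s "$demo_tree/ids/lib64/libibmldap.a" "$demo_tree/usr/lib/libibmldap.a"   # what idslink does
if check_ldap_links "$demo_tree/usr/lib" "$demo_tree/ids" libibmldap.a; then
    echo "sudo_ids library resolvable without LIBPATH"
fi
rm -rf "$demo_tree"
```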