Open Source Development

Power Open Source Development

Explore the open source tools and capabilities for building and deploying modern applications on IBM Power platforms including AIX, IBM i, and Linux.


  • 1.  sudo ldap errno 13

    Posted Thu February 23, 2023 12:33 PM

    Hello,

    I installed sudo_ids-1.9.12p2-1.aix7.1.ppc.rpm to use with /opt/IBM/ldap/V6.3/ on AIX 7.1 TL5 SP10. Had to install openldap-2.4.58-4.aix7.1.ppc.rpm as a prerequisite, but the IBM ldap still works and I can connect with my personal account being authorized via it. But when changing to root via sudo rootsh, I am getting -

    [LDAP]: 3004-330 Your encrypted password is invalid.
    3004-320 Only the system administrator can change this password.
    sudo: a password is required

    Some configure options were -

    1.9.12p2: --prefix=/opt/freeware --sbindir=/opt/freeware/sbin --libdir=/opt/freeware/lib --libexecdir=/opt/freeware/libexec --with-pam --with-pam-login --with-aixauth --with-ldap=/opt/freeware --with-ldap-conf-file=/opt/freeware/etc/openldap/ldap.conf
    So I replaced the ldap executables and libraries under /opt/freeware /bin /lib /lib64 with symbolic links to /opt/IBM/ldap/V6.3/, but nothing changed.

    The debug log seems to tell me that sudo does connect to ldap, but is getting an authentication failure caused by "13 Permission denied". Where does this error 13 come from? Please see the excerpt from the debug log attached.

    Thank you very much,

    Kai



    ------------------------------
    Kai Schuemann
    ------------------------------

    #AIXOpenSource

    Attachment(s): sudo_debug.log (320 KB, 1 version)


  • 2.  RE: sudo ldap errno 13

    Posted Fri February 24, 2023 01:26 AM

    sudo_ids uses IBM ldap (not openldap). The configure options you mentioned belong to sudo (not sudo_ids).
    Please re-check.



    ------------------------------
    Ayappan P
    ------------------------------



  • 3.  RE: sudo ldap errno 13

    Posted Mon February 27, 2023 08:35 AM

    Sorry, I mixed it up from the first installation with sudo. Then I deinstalled it together with its prerequisite openldap-2.4.58 and installed -
    sudo_ids-1.9.12p2-1.aix7.1.ppc.rpm
    But still am getting -

    [LDAP]: 3004-330 Your encrypted password is invalid.
    3004-320 Only the system administrator can change this password.
    sudo: a password is required

    sudo correctly figures out from my IBM V6.3 LDAP what my group name, group and user ids are. But why does it throw -

    [LDAP]: 3004-320 Only the system administrator can change this password. ?
    Does it want me to enter my pw encrypted? And what makes it do so?

    Best regards,

    Kai Schuemann



    ------------------------------
    Kai Schuemann
    ------------------------------