I found the solution: the correct directive to specify a CA certificate file for sudo-ldap is:
TLS_CACERTFILE /path/to/cacert.pem
So my ldap.conf now looks like this:
BASE dc=aldu,dc=net
URI ldaps://ldap.aldu.net
TLS_CACERT /etc/ssl/cacert.pem
TLS_CACERTFILE /etc/ssl/cacert.pem
SUDOERS_BASE ou=sudoers,dc=aldu,dc=net
It's absolutely redundant, so I think it would be nice to make sudo-ldap read the CA certificate path from the TLS_CACERT directive instead of TLS_CACERTFILE.
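A small check for the situation described in the post, as an added example that is not part of the original post or of sudo: it parses an ldap.conf and reports when an ldaps:// URI is configured without both CA directives, or when the two directives point to different files. The function names and the sample configurations are constructed for illustration.

```python
# Directive names come from the post: TLS_CACERT is the OpenLDAP ldap.conf(5)
# option, TLS_CACERTFILE is the one the poster found sudo-ldap to read.
CA_KEYS = ("TLS_CACERT", "TLS_CACERTFILE")

def parse_ldap_conf(text):
    """Return {DIRECTIVE: value}. Keywords are case-insensitive; '#' lines are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].upper()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def check_ca_directives(text):
    """Return a list of findings about the CA certificate directives."""
    conf = parse_ldap_conf(text)
    uses_tls = any(u.lower().startswith("ldaps://") for u in conf.get("URI", "").split())
    set_keys = {k: conf[k] for k in CA_KEYS if conf.get(k)}
    findings = []
    if uses_tls and not set_keys:
        findings.append("ldaps:// URI but no CA certificate directive is set")
    elif uses_tls and "TLS_CACERTFILE" not in set_keys:
        findings.append("TLS_CACERT is set but TLS_CACERTFILE is missing")
    elif uses_tls and "TLS_CACERT" not in set_keys:
        findings.append("TLS_CACERTFILE is set but TLS_CACERT is missing")
    elif len(set(set_keys.values())) > 1:
        findings.append("TLS_CACERT and TLS_CACERTFILE point to different files")
    return findings

# Constructed sample: the configuration shown in the post.
POST_CONF = """\
BASE dc=aldu,dc=net
URI ldaps://ldap.aldu.net
TLS_CACERT /etc/ssl/cacert.pem
TLS_CACERTFILE /etc/ssl/cacert.pem
SUDOERS_BASE ou=sudoers,dc=aldu,dc=net
"""
# Constructed variants: one without TLS_CACERTFILE, one where the paths drift apart.
ONLY_CACERT = POST_CONF.replace("TLS_CACERTFILE /etc/ssl/cacert.pem\n", "")
MISMATCH = POST_CONF.replace("TLS_CACERTFILE /etc/ssl/cacert.pem",
                             "TLS_CACERTFILE /etc/ssl/old-ca.pem")

if __name__ == "__main__":
    for name, conf in (("post", POST_CONF), ("only TLS_CACERT", ONLY_CACERT),
                       ("mismatch", MISMATCH)):
        print(name, "->", check_ca_directives(conf) or "ok")
```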