Comment 1 for bug 115967

Giovanni Lovato (heruan) wrote :

I found the solution, the correct directive to specify a CA certificate file for sudo-ldap is:

TLS_CACERTFILE /path/to/cacert.pem

So my ldap.conf now looks like this:

BASE dc=aldu,dc=net
URI ldaps://ldap.aldu.net
TLS_CACERT /etc/ssl/cacert.pem
TLS_CACERTFILE /etc/ssl/cacert.pem

SUDOERS_BASE ou=sudoers,dc=aldu,dc=net

It's absolutely redundant, so I think it would be nice to make sudo-ldap read the CA certificate path from the TLS_CACERT directive instead of TLS_CACERTFILE.
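
An added example, not part of the original comment or of sudo itself: a small lint that reports when an ldap.conf sets the CA file under only one of the two directive names discussed above, or sets them to different paths. The function names, verdict strings and sample file are made up for illustration, and taking the last occurrence of a repeated keyword is an assumption.

```sh
#!/bin/sh
# Added example (not from the bug report): flag an ldap.conf where the CA file
# is set for only one of TLS_CACERT / TLS_CACERTFILE, or where the two differ.

# Print the value of keyword $1 in file $2. ldap.conf keywords are
# case-insensitive; if a keyword repeats, the last one is reported (assumption).
ldapconf_get() {
    awk -v key="$1" '
        /^[ \t]*#/ { next }
        toupper($1) == toupper(key) { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { if (val != "") print val }
    ' "$2"
}

# Echo a one-word verdict for file $1; return 0 only for "ok".
check_ldapconf() {
    cacert=$(ldapconf_get TLS_CACERT "$1")
    cacertfile=$(ldapconf_get TLS_CACERTFILE "$1")
    if [ -z "$cacert" ] && [ -z "$cacertfile" ]; then
        echo "no-ca-configured"; return 1
    elif [ -z "$cacertfile" ]; then
        echo "sudo-ldap-has-no-ca"; return 1   # the situation the comment describes
    elif [ -z "$cacert" ]; then
        echo "only-sudo-ldap-has-ca"; return 1
    elif [ "$cacert" != "$cacertfile" ]; then
        echo "ca-paths-differ"; return 1
    fi
    echo "ok"
}

# Constructed sample: the comment's configuration without the TLS_CACERTFILE line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
BASE dc=aldu,dc=net
URI ldaps://ldap.aldu.net
TLS_CACERT /etc/ssl/cacert.pem
SUDOERS_BASE ou=sudoers,dc=aldu,dc=net
EOF
echo "before: $(check_ldapconf "$sample" || true)"
echo "TLS_CACERTFILE /etc/ssl/cacert.pem" >> "$sample"
echo "after:  $(check_ldapconf "$sample" || true)"
rm -f "$sample"
```

A file that fails this check can leave one LDAP client validating the server certificate against the intended CA while another has no CA configured at all, which is worth catching before relying on ldaps:// for sudoers lookups.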