Comment 9 for bug 115967

Andreas Heinlein (aheinlein) wrote :

I set "SUDOERS_DEBUG 2" in /etc/sudo-ldap.conf and found out the problem. First, sudo-ldap failed to verify the server certificate, even though I had specified a CA cert. Second, it ignored the option to not verify the certificate as well.

A closer look at the manpage of sudo-ldap reveals that the standard ldap.conf and sudo-ldap use different options for the same thing. Standard ldap.conf uses TLS_CACERT, while sudo-ldap uses TLS_CACERTFILE. Standard is TLS_REQCERT (yes/no), while sudo-ldap uses TLS_CHECKPEER (yes/no).

I now have TLS_CACERT as well as TLS_CACERTFILE and it works.

I don't know whether the standards have changed recently and sudo-ldap in lucid is ahead of time, but this should be unified in any case.
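As an added example, not part of the bug report and not code from sudo or OpenLDAP: a small POSIX shell lint that reads an ldap.conf-style file and reports the two pitfalls this comment describes, a CA set under only one of the two spellings (TLS_CACERT for libldap, TLS_CACERTFILE for sudo-ldap) and peer verification switched off under either spelling (TLS_CHECKPEER no, or TLS_REQCERT never/allow). The two config files it checks are constructed samples; the host name, the CA path and the rule that both CA spellings must be present are assumptions taken from the comment's finding, not from sudo's documentation, so adjust them for newer sudo versions that accept either name.

```shell
#!/bin/sh
# Added example, not code from the bug report or from sudo/OpenLDAP.
# Lints an ldap.conf-style file for the option-name mismatch described above.
# Assumptions: one "KEYWORD value" per line, keywords are case-insensitive,
# '#' starts a comment; both CA spellings must be present (the comment's
# finding for lucid's sudo-ldap; newer versions may accept either).

# conf_get FILE KEYWORD...  -> prints the value of the first keyword found,
# exit status 1 if none of the given spellings is set
conf_get() {
    file=$1; shift
    for kw in "$@"; do
        val=$(awk -v kw="$kw" '$1 !~ /^#/ && toupper($1) == kw { print $2; exit }' "$file")
        if [ -n "$val" ]; then
            printf '%s\n' "$val"
            return 0
        fi
    done
    return 1
}

# check_sudo_ldap_tls FILE -> status 0 when the CA is set under both names and
# verification is not disabled under either name; otherwise prints the
# findings and returns 1
check_sudo_ldap_tls() {
    f=$1; rc=0
    # libldap reads TLS_CACERT; sudo-ldap (per the comment) reads TLS_CACERTFILE
    for kw in TLS_CACERT TLS_CACERTFILE; do
        conf_get "$f" "$kw" >/dev/null || { echo "$f: $kw not set"; rc=1; }
    done
    # sudo-ldap spelling: TLS_CHECKPEER on/true/yes or off/false/no
    peer=$(conf_get "$f" TLS_CHECKPEER || true)
    case $(printf '%s' "$peer" | tr 'A-Z' 'a-z') in
        no|off|false)
            echo "$f: TLS_CHECKPEER $peer disables server certificate verification (MITM risk)"
            rc=1 ;;
    esac
    # libldap spelling: TLS_REQCERT never|allow|try|demand|hard; never/allow
    # accept a server certificate that cannot be verified
    req=$(conf_get "$f" TLS_REQCERT || true)
    case $(printf '%s' "$req" | tr 'A-Z' 'a-z') in
        never|allow)
            echo "$f: TLS_REQCERT $req lets libldap accept an unverified server certificate"
            rc=1 ;;
    esac
    return $rc
}

# Constructed sample: the failing setup the comment describes
write_weak_conf() {
    cat >"$1" <<'EOF'
URI ldaps://ldap.example.com
SUDOERS_BASE ou=SUDOers,dc=example,dc=com
# libldap spelling only; sudo-ldap looks for TLS_CACERTFILE
TLS_CACERT /etc/ssl/certs/example-ca.pem
TLS_REQCERT demand
# the "just don't verify" workaround
TLS_CHECKPEER no
EOF
}

# Constructed sample: the working setup from the comment, with verification on
write_fixed_conf() {
    cat >"$1" <<'EOF'
URI ldaps://ldap.example.com
SUDOERS_BASE ou=SUDOers,dc=example,dc=com
TLS_CACERT     /etc/ssl/certs/example-ca.pem
TLS_CACERTFILE /etc/ssl/certs/example-ca.pem
TLS_REQCERT demand
TLS_CHECKPEER yes
EOF
}

# Stand-alone demo: lint both samples and clean up
demo=$(mktemp -d)
write_weak_conf "$demo/weak.conf"
write_fixed_conf "$demo/fixed.conf"
for c in "$demo/weak.conf" "$demo/fixed.conf"; do
    if check_sudo_ldap_tls "$c"; then echo "$c: OK"; fi
done
rm -rf "$demo"
```

Run it against a real /etc/sudo-ldap.conf with `check_sudo_ldap_tls /etc/sudo-ldap.conf`. The "fixed" sample keeps verification enabled under both spellings: setting TLS_CHECKPEER to no (or TLS_REQCERT to never) makes the connection work by not authenticating the server at all, which lets anyone on the path serve a forged sudoers tree, so the CA file, under both names, is the fix rather than the off switch.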