% sudo -s LDAP Config Summary =================== uri ldaps://bar.foo.com ldap_version 3 sudoers_base ou=SUDOers,dc=foo,dc=com binddn (anonymous) bindpw (anonymous) ssl (no) tls_cacertfile /etc/openldap/cacert.pem =================== sudo: ldap_initialize(ld, ldaps://bar.foo.com) sudo: ldap_set_option: debug -> 0 sudo: ldap_set_option: ldap_version -> 3 sudo: ldap_set_option: tls_cacertfile -> /etc/openldap/cacert.pem sudo: ldap_set_option: tls_cacert -> /etc/openldap/cacert.pem sudo: ldap_sasl_bind_s() ok sudo: Looking for cn=defaults: cn=defaults sudo: found:cn=defaults,ou=SUDOers,dc=foo,dc=com sudo: ldap sudoOption: 'insults' sudo: ldap sudoOption: 'timestamp_timeout=60' sudo: sudo_ldap_build_pass1 allocation mismatch After downgrading to 1.8.2-r1 everything works fine again. Looking through the source code it runs into a low level sanity check, something which is not supposed to happen. Reproducible: Always
It looks solved with current versions