When I upgraded an Ubuntu 11.10 server to Ubuntu 12.04 LTS I suddenly got the following error message when invoking ‘sudo su’ with an LDAP account:
sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted
The LDAP client uses STARTTLS to upgrade the existing LDAP session to an encrypted connection.
I got this error because libgcrypt11, which is used by GnuTLS (the more ‘open’ counterpart of OpenSSL) to handle the low-level crypto stuff in your TLS connection, is completely broken. Instead, it has been advised to use nettle for this stuff. This is how you fix it in Ubuntu 12.04 LTS:
First install the necessary packages:
apt-get install libgmp-dev devscripts
apt-get build-dep libgnutls26
Download and install nettle. It appears that not every version works with gnutls. I know that nettle 2.1 works so I installed that version:
wget http://www.lysator.liu.se/~nisse/archive/nettle-2.1.tar.gz
tar zxvf nettle-2.1.tar.gz
cd nettle-2.1
./configure --with-gmp
make
make install
Get the source of gnutls:
apt-get source gnutls26
Remove ‘--with-libgcrypt’ from gnutls26-2.12.14/debian/rules and go to the gnutls26-2.12.14 directory. Build a new .deb package and install it (debuild writes the .deb files to the parent directory):
debuild -i -uc -us -b
dpkg -i ../libgnutls26_2.12.14*.deb
It should work now.
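
One way to confirm that the rebuilt library really links against nettle instead of libgcrypt, as an added example that is not part of the original post. The function names and both sample `ldd` listings are constructed for illustration, and the sonames in them are assumptions.

```shell
#!/bin/sh
# Added example: classify the crypto backend of libgnutls from `ldd` output.

# Reads `ldd` output on stdin and prints one of: nettle, gcrypt, both, unknown.
# "both" means libgcrypt is still pulled in, so the rebuild did not fully take.
gnutls_backend() {
    has_nettle=0
    has_gcrypt=0
    while IFS= read -r line; do
        case "$line" in
            *libnettle.so*|*libhogweed.so*) has_nettle=1 ;;
            *libgcrypt.so*)                 has_gcrypt=1 ;;
        esac
    done
    if [ "$has_nettle" -eq 1 ] && [ "$has_gcrypt" -eq 1 ]; then echo both
    elif [ "$has_nettle" -eq 1 ]; then echo nettle
    elif [ "$has_gcrypt" -eq 1 ]; then echo gcrypt
    else echo unknown
    fi
}

# Looks up the installed libgnutls.so.26 and classifies it.
# Returns 2 if the library is not in the linker cache.
check_installed() {
    lib=$(ldconfig -p 2>/dev/null | awk '/libgnutls\.so\.26 /{print $NF; exit}')
    [ -n "$lib" ] || { echo "libgnutls.so.26 not found" >&2; return 2; }
    ldd "$lib" | gnutls_backend
}

# Constructed sample: stock package, linked against libgcrypt.
SAMPLE_STOCK='	libtasn1.so.3 => /usr/lib/x86_64-linux-gnu/libtasn1.so.3 (0x00007f0000100000)
	libgcrypt.so.11 => /lib/x86_64-linux-gnu/libgcrypt.so.11 (0x00007f0000200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000300000)'

# Constructed sample: rebuilt package, linked against nettle.
SAMPLE_REBUILT='	libtasn1.so.3 => /usr/lib/x86_64-linux-gnu/libtasn1.so.3 (0x00007f0000100000)
	libnettle.so.4 => /usr/local/lib/libnettle.so.4 (0x00007f0000200000)
	libhogweed.so.2 => /usr/local/lib/libhogweed.so.2 (0x00007f0000300000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f0000400000)'

printf 'stock sample:   %s\n' "$(printf '%s\n' "$SAMPLE_STOCK" | gnutls_backend)"
printf 'rebuilt sample: %s\n' "$(printf '%s\n' "$SAMPLE_REBUILT" | gnutls_backend)"
```

On the server itself, call `check_installed` after the `dpkg -i` step; anything other than `nettle` means the installed library still depends on libgcrypt.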