Cannot Setuid After Ubuntu 12.04LTS Upgrade When Using LDAP Accounts

When I upgraded an Ubuntu 11.10 server to Ubuntu 12.04LTS I suddenly got the following error message when invoking ‘sudo su’ with an LDAP account:

sudo: setresuid(ROOT_UID, ROOT_UID, ROOT_UID): Operation not permitted

The LDAP client uses STARTTLS to upgrade the existing LDAP session to an encrypted connection.

I got this error because libgcrypt11, which gnutls (the more ‘open’ counterpart of OpenSSL) uses for the low-level crypto in your TLS connection, is completely broken in this release. The advice is to use nettle as the gnutls crypto backend instead. This is how you fix it in Ubuntu 12.04LTS:

First install the necessary packages:

apt-get install libgmp-dev devscripts
apt-get build-dep libgnutls26

Download and install nettle. It appears that not every version works with gnutls. I know that nettle 2.1 works, so I installed that version:

wget http://www.lysator.liu.se/~nisse/archive/nettle-2.1.tar.gz
tar zxvf nettle-2.1.tar.gz
cd nettle-2.1
./configure --with-gmp
make
make install

Get the source of gnutls:

apt-get source gnutls26

Omit ‘--with-libgcrypt’ in gnutls26-2.12.14/debian/rules and go to the gnutls26-2.12.14 directory. Build a new .deb package and install it:

debuild -i -uc -us -b
dpkg -i libgnutls26_2.12.14*.deb

It should work now ;) .
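To confirm the rebuilt package actually replaced the libgcrypt-backed library (and that STARTTLS to the LDAP server now completes), here is an added check script. It is not part of the original post; it inspects the ldd output of the installed libgnutls and classifies the backend. The ldd sample text, library addresses and the ldap://ldap.example.org URI are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: check which crypto backend an
# installed libgnutls is linked against, so you can confirm the rebuilt .deb
# really replaced the libgcrypt-backed library. The ldd sample text below and
# the LDAP URI in the usage comment are constructed for illustration.

# gnutls_backend LDD_OUTPUT
# Prints "nettle", "libgcrypt", "both" (a half-finished rebuild) or "unknown".
gnutls_backend() {
    ldd_out="$1"
    has_nettle=0
    has_gcrypt=0
    printf '%s\n' "$ldd_out" | grep -q 'libnettle\.so' && has_nettle=1
    printf '%s\n' "$ldd_out" | grep -q 'libgcrypt\.so' && has_gcrypt=1
    if [ "$has_nettle" -eq 1 ] && [ "$has_gcrypt" -eq 1 ]; then
        echo both
    elif [ "$has_nettle" -eq 1 ]; then
        echo nettle
    elif [ "$has_gcrypt" -eq 1 ]; then
        echo libgcrypt
    else
        echo unknown
    fi
}

# check_installed_gnutls: locate libgnutls.so.26 through the ld.so cache and
# classify the real library on this host (returns 1 if it is not installed).
check_installed_gnutls() {
    lib=$(ldconfig -p | awk '/libgnutls\.so\.26 / { print $NF; exit }')
    [ -n "$lib" ] || { echo "libgnutls.so.26 not found in ld.so cache" >&2; return 1; }
    gnutls_backend "$(ldd "$lib")"
}

# check_ldap_starttls LDAP_URI: with -ZZ, ldapwhoami fails unless STARTTLS
# succeeds, so a zero exit status means the TLS handshake (and therefore the
# rebuilt gnutls) works end to end against your server.
check_ldap_starttls() {
    ldapwhoami -x -ZZ -H "$1"
}

# Constructed ldd output resembling the stock Ubuntu 12.04 libgnutls26 build:
SAMPLE_STOCK='    linux-vdso.so.1 =>  (0x00007fff5c1ff000)
    libgcrypt.so.11 => /lib/x86_64-linux-gnu/libgcrypt.so.11 (0x00007f3c2a0d1000)
    libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007f3c29eba000)'

# Constructed ldd output resembling the rebuilt, nettle-backed library:
SAMPLE_REBUILT='    linux-vdso.so.1 =>  (0x00007fff5c1ff000)
    libnettle.so.4 => /usr/local/lib/libnettle.so.4 (0x00007f3c2a0d1000)
    libgmp.so.10 => /usr/lib/x86_64-linux-gnu/libgmp.so.10 (0x00007f3c29c4d000)'

echo "stock build backend:   $(gnutls_backend "$SAMPLE_STOCK")"
echo "rebuilt build backend: $(gnutls_backend "$SAMPLE_REBUILT")"
# On the upgraded host itself run:
#   check_installed_gnutls
#   check_ldap_starttls ldap://ldap.example.org   # hypothetical URI
```

If check_installed_gnutls reports "libgcrypt" after the dpkg -i step, the old library is still the one being loaded (for example because a second copy lives outside the ld.so cache path), and the sudo error will persist until that copy is replaced too.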

Sources
http://www.openldap.org/lists/openldap-technical/201202/msg00079.html
https://bugs.launchpad.net/ubuntu/+source/gnutls26/+bug/926350