I can confirm this bug on a box updated from 9.04 to 9.10, where both sudo and su worked just fine.
The test user is only in LDAP, and locally (in /etc/groups) member of the "admin" group. If LDAP uses ssl, su/sudo fail, and they work as advertised with a plain connection.
An other effect which is apparently related: If I launch evince with LDAP/ssl, it takes very long (~15 seconds) to start, and then spits out the message
(evince:2541): GLib-WARNING **: getpwuid_r(): failed due to: Permission denied.
Switching to LDAP/plain, it comes up immediately. Probably this is a glibc (?) and not a su(do) bug.
And as unencrypted LDAP is a security risk, this bug is IMHO a critical one.
I can confirm this bug on a box updated from 9.04 to 9.10, where both sudo and su worked just fine.
The test user is only in LDAP, and locally (in /etc/groups) member of the "admin" group. If LDAP uses ssl, su/sudo fail, and they work as advertised with a plain connection.
An other effect which is apparently related: If I launch evince with LDAP/ssl, it takes very long (~15 seconds) to start, and then spits out the message
(evince:2541): GLib-WARNING **: getpwuid_r(): failed due to: Permission denied.
Switching to LDAP/plain, it comes up immediately. Probably this is a glibc (?) and not a su(do) bug.
And as unencrypted LDAP is a security risk, this bug is IMHO a critical one.