diff -up sudo-1.8.6p3/plugins/sudoers/ldap.c.confparse sudo-1.8.6p3/plugins/sudoers/ldap.c
--- sudo-1.8.6p3/plugins/sudoers/ldap.c.confparse 2012-11-23 15:46:41.801008370 +0100
+++ sudo-1.8.6p3/plugins/sudoers/ldap.c 2012-11-23 15:46:07.903885738 +0100
@@ -1343,6 +1343,32 @@ sudo_ldap_parse_keyword(const char *keyw
 debug_return_bool(false);
 }

+/*
+ * Read a line of input, remove whole line comments and strip off leading
+ * and trailing spaces. Returns static storage that is reused.
+ */
+static char *
+sudo_ldap_parseln(FILE *fp)
+{
+ size_t len;
+ char *cp = NULL;
+ static char buf[LINE_MAX];
+
+ if (fgets(buf, sizeof(buf), fp) != NULL) {
+ /* Remove comments */
+ if (*buf == '#')
+ *buf = '\0';
+
+ /* Trim leading and trailing whitespace/newline */
+ len = strlen(buf);
+ while (len > 0 && isspace((unsigned char)buf[len - 1]))
+ buf[--len] = '\0';
+ for (cp = buf; isblank(*cp); cp++)
+ continue;
+ }
+ return(cp);
+}
+
 static bool
 sudo_ldap_read_config(void)
 {
@@ -1364,7 +1390,7 @@ sudo_ldap_read_config(void)
 if ((fp = fopen(_PATH_LDAP_CONF, "r")) == NULL)
 debug_return_bool(false);

- while ((cp = sudo_parseln(fp)) != NULL) {
+ while ((cp = sudo_ldap_parseln(fp)) != NULL) {
 if (*cp == '\0')
 continue; /* skip empty line */
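Review bot: In sudo_ldap_parseln, fgets() returns a line longer than LINE_MAX - 1 bytes in pieces, so the tail of an overlong line reaches the caller as a separate line, and for an overlong `#` comment only the first piece is blanked while the rest is parsed as configuration. I would drain the remainder when the buffer holds no newline and drop the whole line, which the `while` loop in sudo_ldap_read_config already skips as empty (ideally with a warning). Separately, `isblank(*cp)` lacks the `(unsigned char)` cast that the `isspace()` call above it has, so a byte of 0x80 or higher is undefined behaviour where `char` is signed. The `*buf == '#'` check also runs before leading blanks are skipped, so an indented `#` line is not treated as a comment; if that is intended, the header comment should say so.

```c
    if (fgets(buf, sizeof(buf), fp) != NULL) {
	/* Line did not fit in buf: drain the rest and drop the whole line. */
	len = strlen(buf);
	if (len > 0 && buf[len - 1] != '\n') {
	    int ch;
	    bool truncated = false;

	    while ((ch = getc(fp)) != EOF && ch != '\n')
		truncated = true;
	    if (truncated)
		*buf = '\0';
	}
	/* … unchanged: comment removal and trailing whitespace trim … */
	for (cp = buf; isblank((unsigned char)*cp); cp++)
	    continue;
    }
```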