diff -up sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch sudo-1.8.14b3/plugins/sudoers/ldap.c
--- sudo-1.8.14b3/plugins/sudoers/ldap.c.ldapconfpatch	2015-07-07 18:51:11.000000000 +0200
+++ sudo-1.8.14b3/plugins/sudoers/ldap.c	2015-07-09 11:03:25.686645581 +0200
@@ -1922,6 +1922,33 @@ sudo_check_krb5_ccname(const char *ccnam
 }
 #endif /* HAVE_LDAP_SASL_INTERACTIVE_BIND_S */
 
+/*
+ * Read a line of input, remove whole line comments and strip off leading
+ * and trailing spaces.  Returns static storage that is reused.
+ */
+static char *
+sudo_ldap_parseln(fp)
+    FILE *fp;
+{
+    size_t len;
+    char *cp = NULL;
+    static char buf[LINE_MAX];
+
+    if (fgets(buf, sizeof(buf), fp) != NULL) {
+	/* Remove comments */
+	if (*buf == '#')
+	    *buf = '\0';
+
+	/* Trim leading and trailing whitespace/newline */
+	len = strlen(buf);
+	while (len > 0 && isspace((unsigned char)buf[len - 1]))
+	    buf[--len] = '\0';
+	for (cp = buf; isblank(*cp); cp++)
+	    continue;
+    }
+    return(cp);
+}
+
 static bool
 sudo_ldap_read_config(void)
 {
@@ -1955,7 +1982,7 @@ sudo_ldap_read_config(void)
     if ((fp = fopen(path_ldap_conf, "r")) == NULL)
 	debug_return_bool(false);
 
-    while (sudo_parseln(&line, &linesize, NULL, fp) != -1) {
+    while ((line = sudo_ldap_parseln(fp)) != NULL) {
 	if (*line == '\0')
 	    continue;		/* skip empty line */
 
@@ -1975,7 +2002,7 @@ sudo_ldap_read_config(void)
 	if (!sudo_ldap_parse_keyword(keyword, value, ldap_conf_global))
 	    sudo_ldap_parse_keyword(keyword, value, ldap_conf_conn);
     }
-    free(line);
+
     fclose(fp);
 
     if (!ldap_conf.host) {