Bug 143649

Summary: LDAP nss group resolution fails, leading to problems with PAM-enabled services
Product: [Fedora] Fedora Reporter: Need Real Name <josh.howlett>
Component: openldap Assignee: Jan Safranek <jsafrane>
Status: CLOSED WORKSFORME QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3 CC: mattdm
Hardware: i386   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Last Closed: 2008-01-15 11:48:31 UTC Type: ---

Description Need Real Name 2004-12-23 10:13:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2)
Gecko/20030716

Description of problem:
I set up a FC3 box to authenticate via LDAPS against a Suse-based
Novell eDirectory.

There seems to be a problem with nss LDAP resolution of groups,
resulting in failure of PAM-enabled services (i.e. ssh) where the user
is in the LDAP directory. Local users and groups are fine.

thanks, josh.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
[root@host ~]# getent group (or getent passwd)



Actual Results:  root:x:0:root
bin:x:1:root,bin,daemon
......<to end of local groups>
getent: ../../../libraries/libldap/getdn.c:930: ldap_str2rdn:
Assertion `str' failed.

(If I run 'getent passwd' then it simply hangs once it displays all
local and LDAP users.)

Expected Results:  I should be able to resolve users and groups with
error.

Additional info:

I have an identical configuration working fine on FC2 and RH8.

Comment 1 Matthew Miller 2006-07-10 20:09:49 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!


Comment 2 Jan Safranek 2008-01-15 11:48:31 UTC
Tested with F7 and F8 - groups seem to work (although I used Fedora servers, I
do not have Novell eDirectory). Feel free to reopen the bug if you are able to
reproduce it in a supported Fedora version.