|Summary:||glibc's nss_compat.so library fails to implement ldap functions|
|Product:||[Retired] Red Hat Linux||Reporter:||Andy Grimm <andy.grimm>|
|Component:||glibc||Assignee:||Jakub Jelinek <jakub>|
|Status:||CLOSED DUPLICATE||QA Contact:||Brian Brock <bbrock>|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2006-02-21 18:51:49 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description Andy Grimm 2003-02-15 03:02:08 UTC
From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207 Phoenix/0.5 Description of problem: It is impossible to use "compat" in nsswitch.conf to restrict access to a machine using LDAP as its naming service. The nss_compat.so library in Linux is tied strictly to NIS/NIS+. I realize that, since this will need hooks into openldap to work properly, fixing this either requires you to split nss_compat into a separate package (probably a good idea), or make glibc depend on openldap (probably not such a good idea), but either way, it's something that really should be implemented. I'm willing to heavily test the code, but I don't have enough knowledge of the ldap internals to write it myself. I also sent a message to firstname.lastname@example.org, but I have gotten no response about it yet. Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1. Set up a Linux machine as an LDAP client 2. Make sure the machine is NOT bound to a NIS/NIS+ domain 2. Set "passwd: compat" and "passwd_compat: ldap" in nsswitch.conf 3. add "+username" at the end of /etc/passwd for some user 4. try to log in as the user Actual Results: nss_compat tries to check for user's validity using NIS, not LDAP, so the login fails. Expected Results: nss_compat needs to make calls to the LDAP library instead Additional info: I've checked the latest glibc source from GNU (2.3.1), and there has still not been work done in this area.
Comment 1 Andy Grimm 2003-02-15 03:04:05 UTC
*** This bug has been marked as a duplicate of 84376 ***
Comment 2 Red Hat Bugzilla 2006-02-21 18:51:49 UTC
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.