Bug 143649 - LDAP nss group resolution fails, leading to problems with PAM-enabled services
LDAP nss group resolution fails, leading to problems with PAM-enabled services
Status: CLOSED WORKSFORME
Product: Fedora
Classification: Fedora
Component: openldap (Show other bugs)
3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Jan Safranek
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-12-23 05:13 EST by Need Real Name
Modified: 2008-01-15 06:48 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-01-15 06:48:31 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description Need Real Name 2004-12-23 05:13:29 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2)
Gecko/20030716

Description of problem:
I set up a FC3 box to authenticate via LDAPS against a Suse-based
Novell eDirectory.

There seems to be a problem with nss LDAP resolution of groups,
resulting in failure of PAM-enabled services (ie. ssh) where the user
is in the LDAP directory. Local users and groups are fine.

thanks, josh.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
[root@host ~]# getent group (or getent passwd)



Actual Results:  root:x:0:root
bin:x:1:root,bin,daemon
......<to end of local groups>
getent: ../../../libraries/libldap/getdn.c:930: ldap_str2rdn:
Assertion `str' failed.

(If I run 'getent passwd' then it simply hangs once it displays all
local and LDAP users.)

Expected Results:  I should be able to resolve users and groups with
error.

Additional info:

I have an identical configuration working fine on FC2 and RH8.
Comment 1 Matthew Miller 2006-07-10 16:09:49 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 2 Jan Safranek 2008-01-15 06:48:31 EST
Tested with F7 and F8 - groups seem to work (although I used Fedora servers, I
do not have Novell eDirectory). Feel free to reopen the bug if you are able to
reproduce it in supported Fedora version.

Note You need to log in before you can comment on or make changes to this bug.