Bug 143649 - LDAP nss group resolution fails, leading to problems with PAM-enabled services
Summary: LDAP nss group resolution fails, leading to problems with PAM-enabled services
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap   
(Show other bugs)
Version: 3
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Jan Safranek
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2004-12-23 10:13 UTC by Need Real Name
Modified: 2008-01-15 11:48 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-01-15 11:48:31 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Need Real Name 2004-12-23 10:13:29 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2)

Description of problem:
I set up a FC3 box to authenticate via LDAPS against a Suse-based
Novell eDirectory.

There seems to be a problem with nss LDAP resolution of groups,
resulting in failure of PAM-enabled services (ie. ssh) where the user
is in the LDAP directory. Local users and groups are fine.

thanks, josh.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
[root@host ~]# getent group (or getent passwd)

Actual Results:  root:x:0:root
......<to end of local groups>
getent: ../../../libraries/libldap/getdn.c:930: ldap_str2rdn:
Assertion `str' failed.

(If I run 'getent passwd' then it simply hangs once it displays all
local and LDAP users.)

Expected Results:  I should be able to resolve users and groups with

Additional info:

I have an identical configuration working fine on FC2 and RH8.

Comment 1 Matthew Miller 2006-07-10 20:09:49 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!

Comment 2 Jan Safranek 2008-01-15 11:48:31 UTC
Tested with F7 and F8 - groups seem to work (although I used Fedora servers, I
do not have Novell eDirectory). Feel free to reopen the bug if you are able to
reproduce it in supported Fedora version.

Note You need to log in before you can comment on or make changes to this bug.