Red Hat Bugzilla – Bug 143649
LDAP nss group resolution fails, leading to problems with PAM-enabled services
Last modified: 2008-01-15 06:48:31 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2)
Description of problem:
I set up a FC3 box to authenticate via LDAPS against a Suse-based
There seems to be a problem with nss LDAP resolution of groups,
resulting in failure of PAM-enabled services (ie. ssh) where the user
is in the LDAP directory. Local users and groups are fine.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
[root@host ~]# getent group (or getent passwd)
Actual Results: root:x:0:root
......<to end of local groups>
getent: ../../../libraries/libldap/getdn.c:930: ldap_str2rdn:
Assertion `str' failed.
(If I run 'getent passwd' then it simply hangs once it displays all
local and LDAP users.)
Expected Results: I should be able to resolve users and groups with
I have an identical configuration working fine on FC2 and RH8.
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.
Tested with F7 and F8 - groups seem to work (although I used Fedora servers, I
do not have Novell eDirectory). Feel free to reopen the bug if you are able to
reproduce it in supported Fedora version.