Bug 145310 - nss_ldap 227 & 232 kills network logins
Status: CLOSED DEFERRED
Product: Fedora
Classification: Fedora
Component: nss_ldap
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Nalin Dahyabhai
Reported: 2005-01-17 06:06 EST by Nicolas Mailhot
Modified: 2007-11-30 17:10 EST
Doc Type: Bug Fix
Last Closed: 2005-12-10 16:32:54 EST

Description Nicolas Mailhot 2005-01-17 06:06:21 EST
Description of problem:
On this Fedora Core Devel system installing nss_ldap 227 kills network
logins

Reverting to FC3 nss_ldap-220-3 fixes the problem

Version-Release number of selected component (if applicable):

nss_ldap 227

How reproducible:

always
Comment 1 Chris Hills 2005-01-18 04:00:09 EST
I can confirm this, but nss_ldap-220-3.x86_64 does not work either, so
it's impossible to log in with ldap at all!
Comment 2 Chris Hills 2005-01-18 04:10:47 EST
I was able to login by replacing "URI" directive with "HOST". See bug
#135228
Comment 3 Chris Hills 2005-01-18 04:18:12 EST
Add bugzilla@chaz6.com to Cc List
Comment 4 Nicolas Mailhot 2005-01-18 04:46:11 EST
Regarding comment #2 -> did you log in with 227 or 220?
I can confirm 220 works with host, in fact this is how this box has
been set up forever
Comment 5 Chris Hills 2005-01-18 04:49:01 EST
I can't remember now. The host that is working has 226-2 installed,
which was the previous version from rawhide. Unfortunately I do not
have a copy of the rpm, so for now I will have to use host.
Comment 6 Nicolas Mailhot 2005-01-18 05:02:22 EST
Ok if you still have 226-2 sitting in your yum/apt cache I'm interested
- I'm pretty sure it works unlike 227 but I'd like to make sure

As for the host/uri problem -> this is not the subject of this
particular bug, since the box I'm reporting it from uses host
Comment 8 Nicolas Mailhot 2005-01-18 05:18:27 EST
Ok, thanks, I can confirm then that the problem is with 227 and 226-2
works here (on x86, krb5+ldap auth)
Comment 9 Chris Hills 2005-01-19 06:42:54 EST
I did a fresh installation of fc3.x86_64, and so far I have been unable to log
in at all using any version of nss_ldap. The configuration is identical to a
working i386 host. I even set /etc/ldap.conf as a symlink to
/etc/openldap/ldap.conf, and did a search with ldapsearch, which returns the
correct information.

The messages are:-

/var/log/secure:
Jan 19 11:07:48 miranda login[23221]: pam_succeed_if: error retrieving information about user chills

/var/log/messages:
Jan 19 11:07:48 miranda login(pam_unix)[23221]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost=
Jan 19 11:07:48 miranda login(pam_unix)[23221]: could not identify user (from getpwnam(chills))
Jan 19 11:07:48 miranda login[23221]: User not known to the underlying authentication module
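
An added example (not part of the original bug report or of nss_ldap): a small Python triage over the log lines quoted in comment 9, separating a name-service lookup miss (getpwnam cannot resolve the account) from a rejected password on an account that does resolve. The wrong-password line for `alice`, the verdict labels and the function names are constructed for illustration.

```python
import pwd
import re
from collections import defaultdict

# Constructed sample: the four messages quoted in comment 9 (wrapped lines
# joined) plus one constructed wrong-password attempt for contrast.
SAMPLE_LOG = """\
Jan 19 11:07:48 miranda login[23221]: pam_succeed_if: error retrieving information about user chills
Jan 19 11:07:48 miranda login(pam_unix)[23221]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost=
Jan 19 11:07:48 miranda login(pam_unix)[23221]: could not identify user (from getpwnam(chills))
Jan 19 11:07:48 miranda login[23221]: User not known to the underlying authentication module
Jan 19 11:09:02 miranda login(pam_unix)[23260]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty2 ruser= rhost=  user=alice
"""

# syslog prefix: timestamp, host, program, optional (module), [pid], message
LINE = re.compile(r"^\w{3}\s+\d+ [\d:]+ (\S+) \w+(?:\([\w.]+\))?\[(\d+)\]: (.*)$")
# Messages that mean the account name itself could not be resolved
NSS_MISS = re.compile(r"getpwnam\(([^)]+)\)|error retrieving information about user (\S+)")

def classify_sessions(log_text):
    """Return {(host, pid): (verdict, user)}, one entry per login process."""
    sessions = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m:
            host, pid, msg = m.groups()
            sessions[(host, pid)].append(msg)
    verdicts = {}
    for key, msgs in sessions.items():
        verdict, user = "other", None
        for msg in msgs:
            miss = NSS_MISS.search(msg)
            if miss:  # name lookup failed: directory/NSS problem, not a bad password
                verdict, user = "nss_lookup_failure", miss.group(1) or miss.group(2)
                break
            if "authentication failure" in msg:
                known = re.search(r"\buser=(\S+)", msg)
                verdict, user = "auth_failure", known.group(1) if known else None
        verdicts[key] = (verdict, user)
    return verdicts

def resolves(user):
    """Live check: can libc resolve this name via nsswitch (files, ldap, ...)?"""
    try:
        pwd.getpwnam(user)
        return True
    except KeyError:
        return False
```

`resolves()` is the in-process equivalent of `getent passwd <user>`; an account that ldapsearch can find but `resolves()` cannot points at the NSS layer rather than at the directory server.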
Comment 10 Nicolas Mailhot 2005-01-26 05:56:24 EST
nss_ldap.i386 0:232-1 still broken
Comment 11 Alfred Glanzer 2005-02-07 08:26:51 EST
I can confirm this bug (FC3, with openldap 2.2.23; nss_ldap > 226 does
not work).
It is also reported on the PADL-site, but I have not seen any reaction
from them.
I think it has something to do with trying to make a permanent
connection with the directory server.
Comment 12 Alfred Glanzer 2005-03-02 06:19:33 EST
With nss_ldap-234-1 all problems are gone !! Thanks ..
Comment 13 Chris Hills 2005-03-02 06:35:12 EST
Alfred, I can't find that version on Rawhide. Where did you obtain it
from?
Comment 14 Nicolas Mailhot 2005-03-02 07:40:45 EST
BTW I no longer have access to the systems where this bug manifested,
so I'm not the one to close this
Comment 15 Alfred Glanzer 2005-03-04 13:26:30 EST
The Fedora download server has the new version (nss_ldap-234-1)
available under the development directory !! Good luck.

It has also the new version of OpenLDAP (2.2.23) available. But be
careful with it: it is compiled against its own version of db4
(version 4.3.27). This means that you have to upgrade your own FC3 to
db4-4.3.27, otherwise your database utilities will not work (e.g.
db_recover). If you do, please do not forget to install compat-db, for
your non-upgraded FC3 programs !!!!!
Comment 16 Alfred Glanzer 2005-03-04 13:31:58 EST
Additional remark on OpenLDAP version 2.2.23.

I found it necessary to change the init-script of OpenLDAP to remove
the __db.00? files from /var/lib/ldap/directory on every startup. This
was the only way to assure correct startup of OpenLDAP in case of a
system crash (which happens too often to me). Also add the -u option to
slaptest in the init-script to assure a proper test of the
config-files !!!! Have fun with testing ... !
Comment 17 Nicolas Mailhot 2005-12-10 16:32:54 EST
I'm closing this one as it's not seeing any activity and I can't test it anymore
