From Bugzilla Helper:
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Description of problem:
When running 'getent group' to get a listing of groups in our LDAP server (Windows 2003 Active Directory), I get output that contains only the first group before getting an assertion in ber_sockbuf_ctrl. This also occurs when attempting to start mailman, which is why we noticed the problem.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Run 'getent group' on a computer using LDAP to look up accounts & groups in Active Directory.
Actual Results: ... (snipped as it's irrelevant)
getent: ../../../libraries/liblber/sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed.
Expected Results: A complete list of Active Directory groups, and no assertions failing.
I'll attach our ldap.conf file to this bug; everything else has been left at the defaults. System is fully up-to-date as of 12:38 PM Pacific Time, May 20 2005.
Created attachment 114649 [details]
Pam_ldap configuration file.
Appears to be similiar to this bug:
I have the same problem on RHEL4 x86_64
The server is openldap and not active directory, the same configuration works
well on RHEL3.
I have the same problem with an OpenLDAP server in a master-slave configuration.
I've tried the following nss_ldap patches and it seems to work:
Sorry, I spoke too fast :(
This has been a blocker for us. I have even tried latest nss_ldap and pam_ldap
as suggested. The setting (with referrals on) works under Redhat 9 but has a
problem with RHEL/FC4 onwards.
Have you contacted Red Hat support? Bugs without support requests attached
are very difficult to get added to the lists of bugs to fix in upcoming update
Also, have you tried FC5 and/or Rawhide? They have newer versions of OpenLDAP
and nss_ldap in them, which may have this bug fixed already.
Please contack Red Hat support at http://redhat.com/support, which may help you
to resolve this issue.