Red Hat Bugzilla – Bug 164413
libuser:lchsh with ldap module dies with simple bind
Last modified: 2007-11-30 17:11:10 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20040922
Description of problem:
When I use lchsh or lchfn as root on an existing user in my ldap db, I am prompted for the binddn and then the app exits.
[root@db ~]# lchsh gary
Changing shell for gary.
LDAP Bind Password:
/etc/libuser.conf sections look like:
modules = files ldap
create_modules = ldap
# Setting these is always necessary.
#server = 127.0.0.1
server = ldap://localhost:389
basedn = dc=example,dc=com
bindtype = simple
binddn = cn=Manager,dc=example,dc=com
Using other tools to verify the entry is successful:
ldapsearch -b 'dc=example,dc=com' -x -W -D 'cn=Manager,dc=example,dc=com' -H ldap://127.0.0.1:389 uid=gary loginShell
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. lchsh gary
Actual Results: App exited
Expected Results: prompt for new shell
Seems that libuser was still trying to use TLS but not producing any error output.
Commenting out the ldap_start_tls_s call allows the expected behaviour.
Thanks for your report.
The program dies with SIGPIPE; bash normally does not report this because
it happens often with pipelines.
This is caused by a bug in the ldap server; a workaround is to configure
your ldap server to support TLS.
*** This bug has been marked as a duplicate of 164958 ***