Red Hat Bugzilla – Bug 20969
LDAP lookup fails with nss_ldap-122-1.6
Last modified: 2007-04-18 12:29:53 EDT
I am running Red Hat 6.2 on a number of boxes.
They are currently using:
And /etc/ldap.conf is set to perform LDAP lookups in the clear
from an external host (a Novell Netware 5.x server running an
LDAP interface into Novell's NDS)...
Altered lines in /etc/ldap.conf:
Contents of /etc/pam.d/ftp (for instance)
auth required /lib/security/pam_listfile.so item=user sense=deny
auth required /lib/security/pam_shells.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_pwdb.so shadow nullok
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_pwdb.so
#session sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_pwdb.so
This configuration works fine with nss_ldap-105-1
but stops working with the new errata release of nss_ldap.
PAM is pam-0.72-20
ldapsearch from OpenLDAP works fine; it is nss_ldap
that fails to work.
Regressing to nss_ldap-105-1 solves the problem without
any other changes to the system.
In both cases tcpdump clearly shows traffic passing from
the server running nss_ldap to my LDAP server and returning,
but I don't know how to verify if the results are getting
mangled somewhere along the line...
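To make the control-flag semantics of the /etc/pam.d/ftp stack quoted above concrete, here is an added example (not from this report, nor from pam or nss_ldap) that parses that stack and reports which module decides the outcome for a given set of module results, and which modules carry nullok. It assumes only the classic required/requisite/sufficient/optional keywords, not the bracketed [value=action] syntax, and treats any module without a supplied result as succeeding.

```python
from typing import Dict, List, Tuple

# Constructed copy of the /etc/pam.d/ftp stack quoted in the bug report.
FTP_PAM_STACK = """\
auth required /lib/security/pam_listfile.so item=user sense=deny
auth required /lib/security/pam_shells.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_pwdb.so shadow nullok
account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_pwdb.so
#session sufficient /lib/security/pam_ldap.so
session required /lib/security/pam_pwdb.so
"""

Entry = Tuple[str, str, str, List[str]]  # (type, control, module, args)


def parse_stack(text: str) -> List[Entry]:
    """Parse non-comment lines into (type, control, module basename, args)."""
    entries: List[Entry] = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        mtype, control, module, args = fields[0], fields[1], fields[2], fields[3:]
        entries.append((mtype, control, module.rsplit("/", 1)[-1], args))
    return entries


def evaluate(entries: List[Entry], mtype: str, results: Dict[str, bool]) -> Tuple[bool, str]:
    """Classic semantics: a failed 'required' is remembered but the stack runs on;
    a failed 'requisite' stops at once; a passing 'sufficient' ends the stack with
    success unless a 'required' already failed; 'optional' never decides here."""
    required_failed = None
    for t, control, module, _ in entries:
        if t != mtype:
            continue
        ok = results.get(module, True)  # assumption: unlisted modules succeed
        if control == "required" and not ok and required_failed is None:
            required_failed = module
        elif control == "requisite" and not ok:
            return False, module
        elif control == "sufficient" and ok and required_failed is None:
            return True, module
    return (False, required_failed) if required_failed else (True, "end-of-stack")


def nullok_modules(entries: List[Entry], mtype: str) -> List[str]:
    """Modules in this group that accept empty passwords via the nullok argument."""
    return [m for t, _, m, args in entries if t == mtype and "nullok" in args]
```

Running evaluate for "auth" with pam_ldap.so failing shows that the decision falls through to pam_pwdb.so, the module that nullok_modules flags as accepting empty passwords.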
IIRC OpenLDAP 1.2 does not support LDAP version 3 queries. Does "getent passwd
username" pull up the correct information?
The system still does not work with
commented out in /etc/ldap.conf, whereas
with this line in, all works fine under nss_ldap-105-1
which I am still using.
I haven't been successful in installing a later revision
(e.g. nss_ldap-113), or building 122 from source.
Can you explain exactly how to use "getent passwd username"?
I have in /etc/nsswitch.conf:
passwd: ldap files
But the user I am testing has a local account, with
a password retrieved/authenticated via LDAP.
getent passwd anstpbat (for example)
returns my entry from /etc/passwd...
Am I just trying to use some functionality that has
disappeared, or do I need to migrate my users full details
into the Novell system (which, after all, isn't a native LDAP system)?
The system is quite clearly working fine in the older version, however...
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
If this issue is still present in a current Fedora Core release, please
open a new bug with the relevant information.
Closing as CANTFIX.