Bug 26451 - Usage LDAP DNS SRV RR is not supported
Status: CLOSED CANTFIX
Product: Red Hat Linux
Classification: Retired
Component: nss_ldap
Version: 7.1
Hardware: i386 Linux
Priority: medium, Severity: medium
Assigned To: Nalin Dahyabhai
Aaron Brown
Florence Gold
Keywords: FutureFeature
Reported: 2001-02-07 06:16 EST by Igor
Modified: 2007-04-18 12:31 EDT (History)
Doc Type: Enhancement
Last Closed: 2006-10-18 11:55:54 EDT
Description Igor 2001-02-07 06:16:02 EST
From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)




Reproducible: Always
Steps to Reproduce:
1. /etc/nsswitch.conf
passwd: files ldap
shadow: files ldap
group: files ldap
...
2. /etc/ldap.conf
#host x.x.x.x
#base dc=xxx
#ssl start_tls
3. DNS RR
_ldap._tcp SRV 0 0 389 dns1

Actual Results:  There are no requests to LDAP server dns1.

Expected Results:  The LDAP client searches for the LDAP server and its properties
using DNS.
Comment 1 Glen Foster 2001-02-08 11:00:57 EST
We (Red Hat) should really try to resolve this before next release.
Comment 2 Nalin Dahyabhai 2001-02-09 21:00:41 EST
Does your DNS server show that the nameserver lookup was made?  There was a bug
in the parsing of the configuration data which might be causing this.

The nss_ldap-142-2 package in http://people.redhat.com/nalin/test/ has the
packages which will show up in the next Raw Hide refresh.  I'm able to use
configuration via DNS for nss_ldap on my workstation with this version.  Please
reopen this bug ID if you find that updating your nss_ldap package doesn't fix
this.

Thanks!
Comment 3 Igor 2001-03-02 05:14:56 EST
The DNS server shows that the lookup was made.
/var/log/messages:
...
login[697]: pam_ldap: missing "host" in file "ldap.conf"
...
The same in wolverine.
Comment 4 Nalin Dahyabhai 2001-03-08 11:04:41 EST
Hmm... that message is coming from the pam_ldap module, which is in the same
package.  I've patched it to do DNS configuration similar to the way nss_ldap
does.  Please check if the nss_ldap-149 package in
http://people.redhat.com/nalin/test/ fixes this.
Comment 5 Igor 2001-03-13 05:50:54 EST
rpm -U nss_ldap-149-1.i386.rpm
error: failed dependencies:
libcripto.so.1 is needed by nss_ldap-149-1
libssl.so.1 is needed by nss_ldap-149-1
Comment 6 Nalin Dahyabhai 2001-03-13 17:51:59 EST
Those are dependencies from the current Raw Hide tree.  Running
"rpm --rebuild" on the source package (nss_ldap-149-1.src.rpm)
should produce a package suitable for installation on your system.
Comment 7 Igor 2001-03-19 03:15:34 EST
Login works using DNS, but not always.
/var/log/messages:

# case 1: login OK
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: check pass; user unknown
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: session opened for user test by LOGIN(uid=0)
Mar 14 17:07:17 505-4  -- test[5724]: LOGIN ON tty5 BY test
Mar 14 17:08:18 505-4 login(pam_unix)[5724]: session closed for user test
# case 2: login failed
Mar 14 17:08:21 505-4 login(pam_unix)[5757]: check pass; user unknown
Mar 14 17:08:21 505-4 login(pam_unix)[5757]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
Mar 14 17:08:21 505-4 login[5757]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Mar 14 17:08:23 505-4 login[5757]: FAILED LOGIN 1 FROM (null) FOR test, Authentication failure

slapd -d1
case 1:
pen (cache 4)
=> key_read
<= index_read 1 candidates
<= equality_candidates 1
<= filter_candidates 1
<= list_candidates 1
<= filter_candidates 1
<= list_candidates 1
<= filter_candidates 1
<= list_candidates 1
<= filter_candidates 1
====> cache_return_entry_r( 1 ): returned (0)
=> id2entry_r( 3 )
====> cache_find_entry_id( 3 ) "uid=test,ou=People,dc=ntc" (found) (1 tries)
<= id2entry_r( 3 ) 0x8107210 (cache)
=> send_search_entry: "uid=test,ou=People,dc=ntc"
ber_flush: 285 bytes to sd 14
<= send_search_entry
====> cache_return_entry_r( 3 ): returned (0)
send_ldap_search_result 0::
send_ldap_response: msgid=13 tag=101 err=0
ber_flush: 14 bytes to sd 14
ber_get_next
ber_get_next on fd 14 failed errno=11 (Resource temporarily unavailable)
case 2:
st_candidates 1
<= filter_candidates 1
<= list_candidates 1
<= filter_candidates 1
====> cache_return_entry_r( 1 ): returned (0)
=> id2entry_r( 3 )
====> cache_find_entry_id( 3 ) "uid=test,ou=People,dc=ntc" (found) (1 tries)
<= id2entry_r( 3 ) 0x8107210 (cache)
=> send_search_entry: "uid=test,ou=People,dc=ntc"
ber_flush: 185 bytes to sd 14
<= send_search_entry
====> cache_return_entry_r( 3 ): returned (0)
send_ldap_search_result 0::
send_ldap_response: msgid=17 tag=101 err=0
ber_flush: 14 bytes to sd 14
ber_get_next
ber_get_next on fd 14 failed errno=11 (Resource temporarily unavailable)
connection_get(14): got connid=27
connection_read(14): checking for input on id=27
ber_get_next
ber_get_next on fd 14 failed errno=0 (Success)
connection_read(14): input error=-2 id=27, closing.
connection_closing: readying conn=27 sd=14 for close
connection_close: conn=27 sd=14

or NOTHING
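
The syslog excerpts in comments 3 and 7 can be triaged per login PID to separate the two pam_ldap failure causes from the pam_unix noise that also appears on the successful login. This is an added example, not part of the original bug report or of nss_ldap; the function name `triage`, the cause labels, and the timestamp on the last sample line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: lines adapted from comments 3 and 7 with wrapped lines
# joined. The timestamp on the last line is made up (the report elides it).
SAMPLE = """\
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: check pass; user unknown
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: session opened for user test by LOGIN(uid=0)
Mar 14 17:08:21 505-4 login(pam_unix)[5757]: check pass; user unknown
Mar 14 17:08:21 505-4 login(pam_unix)[5757]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
Mar 14 17:08:21 505-4 login[5757]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Mar 14 17:08:23 505-4 login[5757]: FAILED LOGIN 1 FROM (null) FOR test, Authentication failure
Mar 14 17:09:02 505-4 login[697]: pam_ldap: missing "host" in file "ldap.conf"
"""

# "<date> <host> login[(module)][pid]: message"; other programs are skipped.
LINE = re.compile(r"^\w{3} +\d+ [\d:]+ \S+ login(?:\(\w+\))?\[(\d+)\]: (.*)$")

# pam_ldap messages seen in the report, mapped to hypothetical cause labels.
CAUSES = [
    (re.compile(r'pam_ldap: missing "host"'), "no_server_configured"),
    (re.compile(r"pam_ldap: .*Can't contact LDAP server"), "server_unreachable"),
]

def triage(text):
    """Group login messages by PID; return {pid: (outcome, ldap_cause)}."""
    sessions = defaultdict(lambda: {"outcome": "unknown", "cause": None})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        pid, msg = int(m.group(1)), m.group(2)
        s = sessions[pid]
        # The pam_unix "authentication failure" is deliberately ignored: it is
        # logged for both the successful and the failed login in comment 7.
        if msg.startswith("session opened"):
            s["outcome"] = "success"
        elif msg.startswith("FAILED LOGIN"):
            s["outcome"] = "failed"
        for pattern, cause in CAUSES:
            if pattern.search(msg):
                s["cause"] = cause
    return {pid: (s["outcome"], s["cause"]) for pid, s in sessions.items()}

if __name__ == "__main__":
    for pid, (outcome, cause) in sorted(triage(SAMPLE).items()):
        print(pid, outcome, cause or "-")
```
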
Comment 8 Bill Nottingham 2006-08-07 14:28:12 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Red Hat apologizes that these issues have not been resolved yet. We do
want to make sure that no important bugs slip through the cracks.
Please check if this issue is still present in a current Fedora Core
release. If so, please change the product and version to match, and
check the box indicating that the requested information has been
provided. Note that any bug still open against Red Hat Linux will be
closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Comment 9 Bill Nottingham 2006-10-18 11:55:54 EDT
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still
running Red Hat Linux, you are strongly advised to upgrade to a
current Fedora Core release or Red Hat Enterprise Linux or comparable.
Some information on which option may be right for you is available at
http://www.redhat.com/rhel/migrate/redhatlinux/.

Closing as CANTFIX.
