From Bugzilla Helper:
User-Agent: Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0)

Reproducible: Always
Steps to Reproduce:
1. /etc/nsswitch.conf
    passwd: files ldap
    shadow: files ldap
    group: files ldap
    ...
2. /etc/ldap.conf
    #host x.x.x.x
    #base dc=xxx
    #ssl start_tls
3. DNS RR
    _ldap._tcp SRV 0 0 389 dns1

Actual Results: There are no requests to LDAP server dns1.

Expected Results: The LDAP client searches for the LDAP server and its properties using DNS.
We (Red Hat) should really try to resolve this before next release.
Does your DNS server show that the nameserver lookup was made? There was a bug in the parsing of the configuration data which might be causing this. The nss_ldap-142-2 package in http://people.redhat.com/nalin/test/ has the packages which will show up in the next Raw Hide refresh. I'm able to use configuration via DNS for nss_ldap on my workstation with this version. Please reopen this bug ID if you find that updating your nss_ldap package doesn't fix this. Thanks!
The DNS server shows that the lookup was made.
/var/log/messages:
    ...
    login[697]: pam_ldap: missing "host" in file "ldap.conf"
    ...
The same in wolverine.
Hmm... that message is coming from the pam_ldap module, which is in the same package. I've patched it to do DNS configuration similar to the way nss_ldap does. Please check if the nss_ldap-149 package in http://people.redhat.com/nalin/test/ fixes this.
rpm -U nss_ldap-149-1.i386.rpm
error: failed dependencies:
    libcripto.so.1 is needed by nss_ldap-149-1
    libssl.so.1 is needed by nss_ldap-149-1
Those are dependencies from the current Raw Hide tree. Running "rpm --rebuild" on the source package (nss_ldap-149-1.src.rpm) should produce a package suitable for installation on your system.
Login works using DNS, but not always.

/var/log/messages:

# case 1: login OK
    Mar 14 17:07:17 505-4 login(pam_unix)[5724]: check pass; user unknown
    Mar 14 17:07:17 505-4 login(pam_unix)[5724]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
    Mar 14 17:07:17 505-4 login(pam_unix)[5724]: session opened for user test by LOGIN(uid=0)
    Mar 14 17:07:17 505-4 -- test[5724]: LOGIN ON tty5 BY test
    Mar 14 17:08:18 505-4 login(pam_unix)[5724]: session closed for user test

# case 2: login failed
    Mar 14 17:08:21 505-4 login(pam_unix)[5757]: check pass; user unknown
    Mar 14 17:08:21 505-4 login(pam_unix)[5757]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
    Mar 14 17:08:21 505-4 login[5757]: pam_ldap: ldap_simple_bind Can't contact LDAP server
    Mar 14 17:08:23 505-4 login[5757]: FAILED LOGIN 1 FROM (null) FOR test, Authentication failure

slapd -d1

case 1:
    pen (cache 4)
    => key_read
    <= index_read 1 candidates
    <= equality_candidates 1
    <= filter_candidates 1
    <= list_candidates 1
    <= filter_candidates 1
    <= list_candidates 1
    <= filter_candidates 1
    <= list_candidates 1
    <= filter_candidates 1
    ====> cache_return_entry_r( 1 ): returned (0)
    => id2entry_r( 3 )
    ====> cache_find_entry_id( 3 ) "uid=test,ou=People,dc=ntc" (found) (1 tries)
    <= id2entry_r( 3 ) 0x8107210 (cache)
    => send_search_entry: "uid=test,ou=People,dc=ntc"
    ber_flush: 285 bytes to sd 14
    <= send_search_entry
    ====> cache_return_entry_r( 3 ): returned (0)
    send_ldap_search_result 0::
    send_ldap_response: msgid=13 tag=101 err=0
    ber_flush: 14 bytes to sd 14
    ber_get_next
    ber_get_next on fd 14 failed errno=11 (Resource temporarily unavailable)

case 2:
    st_candidates 1
    <= filter_candidates 1
    <= list_candidates 1
    <= filter_candidates 1
    ====> cache_return_entry_r( 1 ): returned (0)
    => id2entry_r( 3 )
    ====> cache_find_entry_id( 3 ) "uid=test,ou=People,dc=ntc" (found) (1 tries)
    <= id2entry_r( 3 ) 0x8107210 (cache)
    => send_search_entry: "uid=test,ou=People,dc=ntc"
    ber_flush: 185 bytes to sd 14
    <= send_search_entry
    ====> cache_return_entry_r( 3 ): returned (0)
    send_ldap_search_result 0::
    send_ldap_response: msgid=17 tag=101 err=0
    ber_flush: 14 bytes to sd 14
    ber_get_next
    ber_get_next on fd 14 failed errno=11 (Resource temporarily unavailable)
    connection_get(14): got connid=27
    connection_read(14): checking for input on id=27
    ber_get_next
    ber_get_next on fd 14 failed errno=0 (Success)
    connection_read(14): input error=-2 id=27, closing.
    connection_closing: readying conn=27 sd=14 for close
    connection_close: conn=27 sd=14
or NOTHING
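The two syslog excerpts above, correlated per login PID, as an added example (not part of the original comment and not Red Hat's code): it separates a failure caused by pam_ldap not reaching the directory from the pam_unix "authentication failure" line, which appears in both the successful and the failed attempt. The function names and verdict strings are assumptions made for illustration.

```python
import re

# The two login attempts quoted in the comment above (host 505-4, user "test").
SAMPLE = """\
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: check pass; user unknown
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
Mar 14 17:07:17 505-4 login(pam_unix)[5724]: session opened for user test by LOGIN(uid=0)
Mar 14 17:07:17 505-4 -- test[5724]: LOGIN ON tty5 BY test
Mar 14 17:08:18 505-4 login(pam_unix)[5724]: session closed for user test
Mar 14 17:08:21 505-4 login(pam_unix)[5757]: check pass; user unknown
Mar 14 17:08:21 505-4 login(pam_unix)[5757]: authentication failure; logname=LOGIN uid=0 euid=0 tty=tty5 ruser= rhost=
Mar 14 17:08:21 505-4 login[5757]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Mar 14 17:08:23 505-4 login[5757]: FAILED LOGIN 1 FROM (null) FOR test, Authentication failure
"""
# Layout: "<Mon DD HH:MM:SS> <host> <tag>[<pid>]: <message>"
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?P<tag>.*?)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
LDAP_DOWN = "Can't contact LDAP server"

def correlate(log_text):
    """Group syslog lines by PID: one record per login attempt."""
    attempts = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if m is None:
            continue  # not a tagged syslog line
        rec = attempts.setdefault(
            m["pid"], {"unix_miss": False, "ldap_error": None, "result": "unknown"})
        tag, msg = m["tag"], m["msg"]
        if "pam_unix" in tag and msg.startswith("authentication failure"):
            rec["unix_miss"] = True  # pam_unix (local files) rejected the attempt
        elif msg.startswith("pam_ldap:"):
            rec["ldap_error"] = msg[len("pam_ldap:"):].strip()
        elif msg.startswith("session opened for user"):
            rec["result"] = "ok"
        elif msg.startswith("FAILED LOGIN"):
            rec["result"] = "failed"
    return attempts

def verdict(rec):
    """Name the cause, so an unreachable directory is not read as a bad password."""
    if rec["result"] != "failed":
        return rec["result"]
    if rec["ldap_error"] and LDAP_DOWN in rec["ldap_error"]:
        return "failed: LDAP server unreachable"
    return "failed: credentials rejected or other error"

if __name__ == "__main__":
    for pid, rec in correlate(SAMPLE).items():
        print(pid, verdict(rec), "| pam_unix miss:", rec["unix_miss"])
```

On these lines, PID 5724 ends as "ok" despite its pam_unix failure line, and PID 5757 ends as "failed: LDAP server unreachable".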
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Red Hat apologizes that these issues have not been resolved yet. We do want to make sure that no important bugs slip through the cracks. Please check if this issue is still present in a current Fedora Core release. If so, please change the product and version to match, and check the box indicating that the requested information has been provided. Note that any bug still open against Red Hat Linux will be closed as 'CANTFIX' on September 30, 2006. Thanks again for your help.
Red Hat Linux is no longer supported by Red Hat, Inc. If you are still running Red Hat Linux, you are strongly advised to upgrade to a current Fedora Core release or Red Hat Enterprise Linux or comparable. Some information on which option may be right for you is available at http://www.redhat.com/rhel/migrate/redhatlinux/. Closing as CANTFIX.