RHEL 5.2 and the included nss_ldap-253-12 brought us two issues that disappear if /lib/libnss_ldap-2.5.so is replaced with the one taken from 5.1. The first issue is that while users can log on through gdm or ssh, they cannot login on the console. Or rather, something throws them out the moment they do, I can see Last login: line and motd flash past as the screen clears and displays a new login prompt. Root, with its details stored locally, can log on to console but a local test user that I created got the same problem as the users in ldap. The other issue that is probably related - because replacing the library makes it disappear - is that our cfengine has started to hang with SIGPIPE when doing locking for its operations. We use cfengine for a lot of things, so this is hugely inconvenient. Where ldap appears in our /etc/nsswitch.conf: passwd: files ldap shadow: files ldap netgroup: ldap We are also experiencing bug #448016 or something similar (which is fixed by replacing the library) and #448016 which is not - but still sounds like it could be related somehow.
This issue is fixed by nss_ldap-253-13.el5_2.1. I suppose the bug can be closed.
Sorry for the delay here. Closing.