Bug 84378 - glibc's nss_compat.so library fails to implement ldap functions
glibc's nss_compat.so library fails to implement ldap functions
Status: CLOSED DUPLICATE of bug 84376
Product: Red Hat Linux
Classification: Retired
Component: glibc (Show other bugs)
7.3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jakub Jelinek
Brian Brock
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2003-02-14 22:02 EST by Andy Grimm
Modified: 2016-11-24 10:17 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-02-21 13:51:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Andy Grimm 2003-02-14 22:02:08 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.3a) Gecko/20021207
Phoenix/0.5

Description of problem:
It is impossible to use "compat" in nsswitch.conf to restrict access to a
machine using LDAP as its naming service.  The nss_compat.so library in Linux is
tied strictly to NIS/NIS+.

I realize that, since this will need hooks into openldap to work properly,
fixing this either requires you to split nss_compat into a separate package
(probably a good idea), or make glibc depend on openldap (probably not such a
good idea), but either way, it's something that really should be implemented. 
I'm willing to heavily test the code, but I don't have enough knowledge of the
ldap internals to write it myself.

I also sent a message to bug-glibc@gnu.org, but I have gotten no response about
it yet.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Set up a Linux machine as an LDAP client
2. Make sure the machine is NOT bound to a NIS/NIS+ domain
2. Set "passwd: compat" and "passwd_compat: ldap" in nsswitch.conf
3. add "+username" at the end of /etc/passwd for some user
4. try to log in as the user


Actual Results:  nss_compat tries to check for user's validity using NIS, not
LDAP, so the login fails.

Expected Results:  nss_compat needs to make calls to the LDAP library instead

Additional info:

I've checked the latest glibc source from GNU (2.3.1), and there has still not
been work done in this area.
Comment 1 Andy Grimm 2003-02-14 22:04:05 EST

*** This bug has been marked as a duplicate of 84376 ***
Comment 2 Red Hat Bugzilla 2006-02-21 13:51:49 EST
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.

Note You need to log in before you can comment on or make changes to this bug.