ports/122750: nss_ldap: Not working correctly with OpenLDAP 2.4

Ulrich Spoerlein uspoerlein at gmail.com
Mon Apr 14 16:20:04 UTC 2008


>Number:         122750
>Category:       ports
>Synopsis:       nss_ldap: Not working correctly with OpenLDAP 2.4
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Apr 14 16:20:04 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Ulrich Spörlein
>Release:        FreeBSD 7.0-STABLE i386
>Organization:
>Environment:
The problem exists on 7.0 and 6.3, I think it is solely related to OpenLDAP 2.4
>Description:
Ever since I upgraded my LDAP servers to 2.4, *all* of them have some classes
of problems related to LDAP and NSS.

For example, during bootup some assertions trigger (these are gone after
the system has finished booting):

<dmesg>
Starting privoxy.
Assertion failed: (r != NULL), function ldap_parse_result, file error.c, line 272.
pid 1261 (csh), uid 201: exited on signal 6 (core dumped)

It is *always* privoxy that is affected. When I was still running
dbus/hald/policykit, they would crash on boot-up too. Once I've logged in, I
can restart the services just fine.

But logging in is not working for 60-90 seconds after the getty prompt appears.
I enter my username, then it hangs for several seconds (20-30) and drops me
back to login with an LDAP error.

The third try usually is the charm ...

One very annoying thing is that I continually get errors like this:
Apr 14 13:43:05 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:05 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:33 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:34 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:37 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:40 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:41 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable

Please note that LDAP and NSS are set up correctly and they *work*; the
message above is totally bogus!

Another weird thing that has started right around when I switched to OpenLDAP
2.4 is that the groups for my user are gone when under X. Running id(1) on the
console lists all the groups I'm a member of. Running id(1) inside an xterm I
get *no* secondary groups. This is also true when logging in via ssh.

getent(1) on the other hand works fine.

>How-To-Repeat:
Upgrade your LDAP client installation from OpenLDAP 2.3 to 2.4. Rebuild nss_ldap and pam_ldap
ports.
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:
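The report above contrasts id(1), whose secondary-group list comes from the NSS initgroups path, with getent(1), which reads the group database directly. The script below is an added example (not part of the PR or of the nss_ldap port) that automates that comparison: it extracts the groups naming a user as a member from getent-style output and reports the ones missing from id(1)'s answer. The user name uspoerlein and the sample getent lines are constructed stand-ins, and the live check assumes getent and id are present on the host.

```shell
#!/bin/sh
# Added example: compare the groups that list a user in the group database
# (getent group) with what id -Gn reports for that user, to catch the
# "getent works but id shows no secondary groups" symptom from the PR.

# Read getent-style group lines (name:passwd:gid:member,member,...) on stdin
# and print the names of the groups whose member list contains $1.
groups_from_getent() {
    user="$1"
    awk -F: -v u="$user" '
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) { print $1; break }
        }'
}

# Print every group in the first whitespace-separated list that is absent
# from the second one. Returns 0 even when differences are found, so it can
# be used under set -e.
missing_groups() {
    expected="$1"; actual="$2"
    for g in $expected; do
        found=0
        for h in $actual; do [ "$g" = "$h" ] && found=1; done
        [ "$found" -eq 0 ] && echo "$g"
    done
    return 0
}

# Constructed sample output standing in for `getent group` on a host where
# the wheel, staff and ldapusers groups come from LDAP (not real data).
SAMPLE_GETENT='wheel:*:0:root,uspoerlein
operator:*:5:root
staff:*:20:uspoerlein,alice
ldapusers:*:10000:uspoerlein'

# Live check against the running system: anything printed is a group the
# database knows about but the initgroups path (id -Gn) did not return.
check_user() {
    user="$1"
    expected=$(getent group | groups_from_getent "$user" | tr '\n' ' ')
    actual=$(id -Gn "$user" 2>/dev/null)
    missing_groups "$expected" "$actual"
}

# Offline demonstration on the constructed sample: id(1) returning only the
# primary group, as the report describes, leaves wheel and ldapusers missing.
demo() {
    expected=$(printf '%s\n' "$SAMPLE_GETENT" | groups_from_getent uspoerlein | tr '\n' ' ')
    missing_groups "$expected" "uspoerlein staff"
}
```

Run `check_user <login>` from the console and again from an xterm or ssh session; a non-empty result only in the second case points at the initgroups lookup rather than at the group database itself.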


