ports/122750: nss_ldap: Not working correctly with OpenLDAP 2.4
Ulrich Spoerlein
uspoerlein at gmail.com
Mon Apr 14 16:20:04 UTC 2008
>Number: 122750
>Category: ports
>Synopsis: nss_ldap: Not working correctly with OpenLDAP 2.4
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 14 16:20:04 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Ulrich Spörlein
>Release: FreeBSD 7.0-STABLE i386
>Organization:
>Environment:
The problem exists on 7.0 and 6.3, I think it is solely related to OpenLDAP 2.4
>Description:
Ever since I upgraded my LDAP servers to 2.4, *all* of them have some classes
of problems related to LDAP and NSS.
For example, during bootup, some assertions trigger (these are gone, after
the system has finished boot-up)
<dmesg>
Starting privoxy.
Assertion failed: (r != NULL), function ldap_parse_result, file error.c, line 272.
pid 1261 (csh), uid 201: exited on signal 6 (core dumped)
It is *always* privoxy that is affected. When I was still running
dbus/hald/policykit, they would crash on boot up too. Once I've logged in, I
can restart the services just fine.
But logging in is not working for 60-90 seconds after the getty prompt appears.
I enter my username, then it hangs for several seconds (20-30) and drops me
back to login with an LDAP error.
The third try usually is the charm ...
One very annoying thing is, that I continually get errors like this:
Apr 14 13:43:05 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:05 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:33 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:34 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:37 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:40 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:41 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Please note, that LDAP and NSS are set up correctly and they *work*, the
message above is totally bogus!
Another weird thing that has started right around when I switched to OpenLDAP
2.4 is the groups for my user are gone, when under X. Running id(1) on the
console lists all the groups I'm a member of. Running id(1) inside an xterm I
get *no* secondary groups. This is also true, when logging in via ssh.
getent(1) on the other hand works fine.
>How-To-Repeat:
Upgrade your LDAP client installation from OpenLDAP 2.3 to 2.4. Rebuild nss_ldap and pam_ldap
ports.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: