ports/132816: Fail to read name of new user from ldap

Sergey starikov at caotus.ru
Thu Mar 19 14:40:14 UTC 2009


>Number:         132816
>Category:       ports
>Synopsis:       Fail to read name of new user from ldap
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu Mar 19 14:40:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Sergey
>Release:        FreeBSD 6.3-RELEASE #0
>Organization:
>Environment:
FreeBSD host.mydomain.ru 6.3-RELEASE FreeBSD 6.3-RELEASE #0: Mon Dec 22 11:03:36 MSK 2008     root at host.mydomain.ru:/usr/obj/usr/src/sys/HOST_IPFW_KERNEL  i386

>Description:
This server uses authentication in OpenLDAP (currently running on FreeBSD 7.1-RELEASE #0, openldap-server-2.4.13 Open source LDAP server implementation).

Used software:
nss_ldap-1.257      RFC 2307 NSS module
openldap-client-2.3.43 Open source LDAP client implementation
pam_ldap-1.8.4      A pam module for authenticating with LDAP
php5-ldap-5.2.6_2   The ldap shared extension for php

My etc/pam.d/sshd is:
#
# PAM configuration for the "sshd" service
#

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
account         sufficient      /usr/local/lib/pam_ldap.so
account         required        /usr/local/lib/pam_ldap.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         optional        /usr/local/lib/pam_ldap.so
session         required        pam_permit.so

# password
password        sufficient      /usr/local/lib/pam_ldap.so use_authtok
password        required        pam_unix.so             no_warn try_first_pass



Everything works fine.

The problem appeared when I added a user.
It was successfully added.
And login (ssh user at this-host) is also successful.
But executing `whoami` shows the UID (i.e. 1029) instead of the username.
I think a reboot should fix this problem, but it isn't the right way.
It looks like a bug in pam_ldap or nss_ldap.
Or am I to restart some service (what?)?
>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted:


