ports/132816: Fail to read name of new user from ldap
Sergey
starikov at caotus.ru
Thu Mar 19 14:40:14 UTC 2009
>Number: 132816
>Category: ports
>Synopsis: Fail to read name of new user from ldap
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu Mar 19 14:40:03 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator: Sergey
>Release: FreeBSD 6.3-RELEASE #0
>Organization:
>Environment:
FreeBSD host.mydomain.ru 6.3-RELEASE FreeBSD 6.3-RELEASE #0: Mon Dec 22 11:03:36 MSK 2008 root@host.mydomain.ru:/usr/obj/usr/src/sys/HOST_IPFW_KERNEL i386
>Description:
This server uses authentication in OpenLDAP (currently running on FreeBSD 7.1-RELEASE #0, openldap-server-2.4.13 Open source LDAP server implementation).
Used software:
nss_ldap-1.257 RFC 2307 NSS module
openldap-client-2.3.43 Open source LDAP client implementation
pam_ldap-1.8.4 A pam module for authenticating with LDAP
php5-ldap-5.2.6_2 The ldap shared extension for php
My etc/pam.d/sshd is:
#
# PAM configuration for the "sshd" service
#
# auth
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth required pam_unix.so no_warn try_first_pass
# account
account required pam_nologin.so
account sufficient /usr/local/lib/pam_ldap.so
account required /usr/local/lib/pam_ldap.so
account required pam_login_access.so
account required pam_unix.so
# session
session optional /usr/local/lib/pam_ldap.so
session required pam_permit.so
# password
password sufficient /usr/local/lib/pam_ldap.so use_authtok
password required pam_unix.so no_warn try_first_pass
Everything works fine.
The problem appeared when I added a user.
It was successfully added.
And login (ssh user@this-host) is also successful.
But executing `whoami` shows the UID (i.e. 1029) instead of the username.
I think a reboot should fix this problem, but that isn't the right way.
It looks like a bug in pam_ldap or nss_ldap.
Or do I have to restart some service (which one?)?
>How-To-Repeat:
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: