Date: Mon, 14 Apr 2008 18:18:19 +0200 (CEST)
From: Ulrich Spoerlein <uspoerlein@gmail.com>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: kazakov@gmail.com
Subject: ports/122750: nss_ldap: Not working correctly with OpenLDAP 2.4
Message-ID: <200804141618.m3EGIJTq017011@roadrunner.spoerlein.net>
Resent-Message-ID: <200804141620.m3EGK4fd005176@freefall.freebsd.org>

>Number: 122750
>Category: ports
>Synopsis: nss_ldap: Not working correctly with OpenLDAP 2.4
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Mon Apr 14 16:20:04 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Ulrich Spörlein
>Release: FreeBSD 7.0-STABLE i386
>Organization:
>Environment:
The problem exists on 7.0 and 6.3, I think it is solely related to OpenLDAP 2.4
>Description:
Ever since I upgraded my LDAP servers to 2.4, *all* of them have some classes of problems related to LDAP and NSS. For example, during bootup, some assertions trigger (these are gone after the system has finished boot-up)

<dmesg>
Starting privoxy.
Assertion failed: (r != NULL), function ldap_parse_result, file error.c, line 272.
pid 1261 (csh), uid 201: exited on signal 6 (core dumped)

It is *always* privoxy that is affected. When I was still running dbus/hald/policykit, they would crash on boot up too. Once I've logged in, I can restart the services just fine.

But logging in is not working for 60-90 seconds after the getty prompt appears. I enter my username, then it hangs for several seconds (20-30) and drops me back to login with an LDAP error. The third try usually is the charm ...

One very annoying thing is that I continually get errors like this:

Apr 14 13:43:05 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:05 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:33 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:43:34 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:37 roadrunner sudo: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:40 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable
Apr 14 13:47:41 roadrunner xterm: nss_ldap: could not search LDAP server - Server is unavailable

Please note that LDAP and NSS are set up correctly and they *work*, the message above is totally bogus!

Another weird thing that has started right around when I switched to OpenLDAP 2.4 is that the groups for my user are gone when under X. Running id(1) on the console lists all the groups I'm a member of. Running id(1) inside an xterm I get *no* secondary groups. This is also true when logging in via ssh. getent(1) on the other hand works fine.
>How-To-Repeat:
Upgrade your LDAP client installation from OpenLDAP 2.3 to 2.4. Rebuild nss_ldap and pam_ldap ports.
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: