[Bug 237115] [NEW] nscd: nss_ldap: server is unavailable

[Launchpad Bug Tracker]

You have been subscribed to a public bug:

Binary package hint: libnss-ldapd

Since Hardy's release, when doing e kerberos connexion, a refusal to
open a gdm session may occur.  Error message in gdm is : "The system
administrator had temporarily disabled connexion to this system". In
auth.log: "nscd: nss_ldap: server is unavailable"

The problem occurs in the "account" phase, when the user account
information is beng pulled.  The kerberos authentication is successful
but the user is not know by the system.

when this occurs, from another session we can do a:
# getent passwd user_having_issue
and we do not get a reply.  After a certain time lapse, without any change to the setup, the user becomes known again.  
Note: during this period, other users are tested and work succesfully, which shows that the ldap server does function properly.

To understand the issue better, a network trace was done and it can be seen that on the TCP connexion use by the request
1- earlier: the LDAP server sent a end tcp session packet (FIN)
2- nssldap sends back an ACK
3- nssldap continues on using this connexion that he acknoledged closing

To try to go around the issue, it was tried to configure nsslap to not
use persistent connexion (ldap.conf : nss_connect_policy oneshot), but
once this is applied and the client rebooted, then gdm crashes
consistently at each authentication try (clearly identified in syslog).
The crash goes away after restoring the original config
(nss_connect_policy persist).

** Affects: ubuntu
     Importance: Undecided
         Status: New

** Affects: libnss-ldap (Ubuntu)
     Importance: Undecided
         Status: New

-- 
nscd: nss_ldap: server is unavailable
https://bugs.launchpad.net/bugs/237115
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu.