ldap bug in hardy

Marco Schmidt schmidt at fgcz.ethz.ch
Tue Apr 29 14:14:54 UTC 2008


I described the problem, including solution in ubuntuforums.


I have a strange problem after upgrading from gutsy to hardy. The user
identification via LDAP Microsoft AD does not work anymore.

The /etc/ldap.conf and /etc/nsswitch.conf seems to be okay. "getent
password" and "getent group" delivers the info from AD I expect.

"ssh" and "id" hangs!

If I set "bind_policy soft" in /etc/ldap.conf, I get the following error:

#id user
id: result.c:112: ldap_result: Assertion `ld != ((void *)0)' failed.
uid=10039(user) gid=10147(group)Aborted

and in /var/log/auth.log I found the following:
Apr 28 16:04:36 hostname id: nss_ldap: could not search LDAP server -
Server is unavailable

If I delete the "ldap" in /etc/nsswitch.conf from "group", no hangers or
errors anymore, but I can only see the local groups.

Exactly the same config under gutsy (7.10) works great.

The problem occurs on a hardy upgrade and on a hardy fresh installation.

I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with
the default settings)

Now it works perfectly!

Could there be a bug in ldap version 2.4.7-6ubuntu3 of nss_ldap
258-1ubuntu3 (ubuntu hardy)?

Greetings ...

|Marco Schmidt                Datenbank- & Systemadministrator|
|Universität Zürich                                           |
|Functional Genomics Center Zurich (FGCZ) UNI/ETH             |
|Irchel, Y32 H 06                        Tel: +41-44-635-3902 |
|Winterthurerstrasse 190                 Fax: +41-44-635-3922 |
|CH-8057 Zürich                          schmidt at fgcz.ethz.ch |
+----Never let a technical device know you're in a hurry!-----+

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3299 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20080429/ce129722/attachment.bin>

More information about the ubuntu-users mailing list