libldap2: Cannot bind user to ldap server, failing auth
FRLinux
frlinux at gmail.com
Thu Jun 19 15:17:36 UTC 2008
Package: libldap2
Version: 2.1.30-13.4
Severity: normal
We have a wide range of systems from dapper to hardy. Hardy now fails to
authenticate users properly if the old libldap2 2.1.30-13.4 package is
missing.
We authenticate to a 2.3 OpenLDAP server via ldaps://server:636 and
without the old libldap2 package installed at the same time (we
installed it from gutsy), no user can log in at all. As soon as that one
is in, it is all good.
I also had to downgrade libnss and upgrade it again to add apparently
missing files. Those were the 2 steps to make it work again.
When we also reboot the system, only a restart of nscd will fix the
libnss queries to the server.
Even though bugreport downgraded this as a normal bug, this is a serious
issue because without this workaround, our stations are as good as a
pile of bricks.
Please let me know if I can provide more information. Find below the
output of /etc/ldap.conf and /etc/libnss_ldap.conf.
Cheers,
Steph
/etc/ldap.conf:
BASE dc=my, dc=domain
URI ldaps://server.my.domain:636/
TLS_CACERT /etc/ldap/cert/cacert.pem
TLS_REQCERT demand
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,daemon,dhcp,games,gdm,gnats,haldaemon,hplip,irc,klog,libuuid,list,lp,mail,man,messagebus,news,polkituser,postfix,proxy,pulse,root,sshd,statd,sync,sys,syslog,uucp,www-data
/etc/libnss_ldap.conf:
host server.my.domain
base ou=People,dc=my,dc=domain
uri ldaps://server.my.domain/
ldap_version 3
rootbinddn cn=admin,dc=my,dc=domain
nss_base_passwd ou=People,dc=my,dc=domain
nss_base_group ou=Group,dc=my,dc=domain
-- System Information:
Debian Release: lenny/sid
APT prefers hardy-updates
APT policy: (500, 'hardy-updates'), (500, 'hardy-security'), (500, 'hardy')
Architecture: i386 (i686)
Kernel: Linux 2.6.24-16-server (SMP w/8 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages libldap2 depends on:
ii libc6 2.7-10ubuntu3 GNU C Library: Shared libraries
ii libgnutls13 2.0.4-1ubuntu2.1 the GNU TLS library - runtime libr
ii libsasl2-2 2.1.22.dfsg1-18ubuntu2 Cyrus SASL - authentication abstra
libldap2 recommends no packages.
-- no debconf information