
Bug 111393

Summary: nss_ldap failing in conjunction with sshd, cannot communicate with ldap server
Product: Gentoo Linux
Reporter: Jeff <bluejeff31>
Component: [OLD] Core system
Assignee: Robin Johnson <robbat2>
Status: RESOLVED CANTFIX    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Jeff 2005-11-03 12:58:25 UTC
I have ldap auth set up using nss_ldap and pam_ldap. With nss_ldap-226 it worked
like a charm; everything was fine, login, sshd were all using PAM and working against
ldap on the local machine.  As soon as I upgrade to the stable version of
nss_ldap-239, it stops working with error messages in /var/log/messages like:

 sshd[5878]: nss_ldap: could not search LDAP server - Can't contact LDAP server

I've been using the exact same /etc/ldap.conf and /etc/nsswitch.conf files with
both versions of nss_ldap.

Reproducible: Always
Steps to Reproduce:
1. use sshd + PAM + nss_ldap-239
2. login via ssh as a user that only exists in ldap


Actual Results:  
The ssh login never happens and I get errors like the following in
/var/log/messages:

sshd[5878]: nss_ldap: could not search LDAP server - Can't contact LDAP server

Expected Results:  
communicated with the ldap server and continued with allowing the ssh session to
occur.
Comment 1 Jeff 2005-11-03 14:29:40 UTC
I've re-emerged nss_ldap a few times and now with nss_ldap-239 it is working...
 not sure what has changed.  I have the same thing happening on another gentoo
box I have right now though.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-11-30 17:23:14 UTC
nss_ldap is strange - if you are running one version, and install another on top
of it, its internal state can get fucked up until you reboot the box.

you need to NOT have it loaded in memory when it's upgraded.
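
Comment 2 points at processes that still have the old nss_ldap loaded after the upgrade. As an added example (not from this bug report or from the nss_ldap project), the following lists processes whose /proc/<pid>/maps still reference a libnss_ldap file that has since been replaced on disk; the function names and the sample maps text are constructed for illustration.

```python
import glob
import os

DELETED = " (deleted)"

# Constructed sample of /proc/<pid>/maps for an sshd started before the upgrade.
SAMPLE_STALE = (
    "08048000-080a5000 r-xp 00000000 03:01 41231 /usr/sbin/sshd\n"
    "b7d3a000-b7d6f000 r-xp 00000000 03:01 58210 /lib/libnss_ldap.so.2 (deleted)\n"
    "b7f00000-b7f01000 rw-p 00000000 00:00 0\n"
)
# Constructed sample for a process that loaded the module after the upgrade.
SAMPLE_FRESH = (
    "08048000-080a5000 r-xp 00000000 03:01 41231 /usr/sbin/sshd\n"
    "b7d3a000-b7d6f000 r-xp 00000000 03:01 60177 /lib/libnss_ldap.so.2\n"
)


def stale_nss_ldap(maps_text):
    """Return the path of a replaced-on-disk libnss_ldap mapping, or None."""
    for line in maps_text.splitlines():
        # Fields: address perms offset dev inode [pathname]
        fields = line.split(None, 5)
        if len(fields) < 6:
            continue  # anonymous mapping, no backing file
        path = fields[5].rstrip()
        # The kernel appends " (deleted)" once the mapped file is unlinked,
        # as happens when an upgrade replaces the old copy on disk.
        if path.endswith(DELETED):
            path = path[: -len(DELETED)]
            if os.path.basename(path).startswith("libnss_ldap"):
                return path
    return None


def scan(proc_root="/proc"):
    """Map pid -> stale libnss_ldap path for every readable process."""
    hits = {}
    for maps_file in glob.glob(os.path.join(proc_root, "[0-9]*", "maps")):
        try:
            with open(maps_file) as fh:
                found = stale_nss_ldap(fh.read())
        except OSError:
            continue  # process exited, or we lack permission to read it
        if found:
            hits[int(os.path.basename(os.path.dirname(maps_file)))] = found
    return hits


if __name__ == "__main__":
    for pid, path in sorted(scan().items()):
        print(f"pid {pid} still maps pre-upgrade {path}")
```

Run it as root so that other users' /proc entries are readable.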