Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 111393

Summary: nss_ldap failing in conjunction with sshd, cannot communicate with ldap server
Product: Gentoo Linux Reporter: Jeff <bluejeff31>
Component: [OLD] Core systemAssignee: Robin Johnson <robbat2>
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: x86   
OS: Linux   
Package list:
Runtime testing required: ---

Description Jeff 2005-11-03 12:58:25 UTC
I have ldap auth setup using nss_ldap and pam_ldap. with nss_ldap-226 It worked
like a charm everying was fine login,sshd were all using PAM and working agains
ldap on the local machine.  As soon as I upgrade to the stable version of
nss_ldap-239  It stops working with error messages in /var/log/messages like:

 sshd[5878]: nss_ldap: could not search LDAP server - Can't contact LDAP server

I've been using the exact same /etc/ldap.conf and /etc/nsswitch.conf files with
both versions of nss_ldap.

Reproducible: Always
Steps to Reproduce:
1. use sshd + PAM + nss_ldap-239
2. login via ssh as a user that only exists in ldap

Actual Results:  
The ssh login never happens and I get errors like the following in

sshd[5878]: nss_ldap: could not search LDAP server - Can't contact LDAP server

Expected Results:  
communicated with the ldap server and continued with allowing the ssh session to
Comment 1 Jeff 2005-11-03 14:29:40 UTC
I've re-emerged nss_ldap a few times and now with nss_ldap-239 it is working...
 not sure what has changed.  I have the same thing happening on another gentoo
box I have right now though.
Comment 2 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2005-11-30 17:23:14 UTC
nss_ldap is strange - if you are running one version, and install another on top
of it, it's internal state can get fucked up until you reboot the box.

you need to NOT have it loaded in memory when it's upgraded.