Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 152736

Summary: sys-auth/nss_ldap-249 - Openssh LDAP PAM Connections Fail with bind_policy soft
Product: Gentoo Linux Reporter: Joel Gerber <joel>
Component: New packagesAssignee: Gentoo LDAP project <ldap-bugs>
Status: RESOLVED FIXED    
Severity: major CC: betelgeuse, cazzeml, sbriglie
Priority: High    
Version: 2006.1   
Hardware: x86   
OS: Linux   
URL: http://qa.mandriva.com/show_bug.cgi?id=22075
Whiteboard:
Package list:
Runtime testing required: ---
Bug Depends on: 158254    
Bug Blocks:    

Description Joel Gerber 2006-10-24 19:12:01 UTC 
With =sys-auth/nss_ldap-249 installed, and bind_policy soft set in /etc/ldap.conf, openssh connections fail. After upgrading to =sys-auth/nss_ldap-250 (which requires modifying /etc/portage/package.keywords), it works.

bind_policy soft is needed in order to allow nss connections to be made when the slapd process hasn't initialized/is unable to initialize.

The following bug for Mandriva Linux helped me figure this out:
http://qa.mandriva.com/show_bug.cgi?id=22075

Here is my emerge --info

Portage 2.1.1 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
=================================================================
System uname: 2.6.17-gentoo-r8 i686 Pentium III (Coppermine)
Gentoo Base System version 1.12.5
Last Sync: Sun, 22 Oct 2006 01:20:02 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE=""
ARCH="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium3 -pipe"
CHOST="i686-pc-linux-gnu"
CLEAN_DELAY="5"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CROSSCOMPILE_OPTS=""
CVS_RSH="ssh"
CXXFLAGS="-O2 -march=pentium3 -pipe"
DISTDIR="/usr/portage/distfiles"
DVB_CARDS=""
EDITOR="/bin/nano"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS="-av"
EMERGE_WARNING_DELAY="10"
FCDSL_CARDS=""
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict"
FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp -P ${DISTDIR} ${URI}"
FOO2ZJS_DEVICES=""
FRITZCAPI_CARDS=""
GCC_SPECS=""
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
HOME="/root"
INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/info::/usr/share/gcc-data/i686-pc-linux-gnu/4.1.1/info"
INPUT_DEVICES="keyboard mouse evdev"
KERNEL="linux"
LESS="-R -M --shift 5"
LESSOPEN="|lesspipe.sh %s"
LINGUAS=""
LIRC_DEVICES=""
LOGNAME="root"
MAIL="/var/mail/root"
MAKEOPTS="-j2"
MANPATH="/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/man::/usr/share/gcc-data/i686-pc-linux-gnu/4.1.1/man"
MISDN_CARDS=""
OLDPWD="/root"
PAGER="/usr/bin/less"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1"
PKGDIR="/usr/portage/packages"
PORTAGE_ARCHLIST="ppc s390 amd64 x86 ppc64 x86-fbsd m68k arm sparc sh mips ia64 alpha ppc-macos hppa sparc-fbsd"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib/portage/bin"
PORTAGE_CALLER="emerge"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="warn error log"
PORTAGE_ELOG_MAILFROM="portage"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_ELOG_SYSTEM="save syslog"
PORTAGE_GID="250"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_PYM_PATH="/usr/lib/portage/pym"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_RSYNC_RETRIES="3"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_WORKDIR_MODE="0700"
PORTDIR="/usr/portage"
PORT_LOGDIR="/var/log/portage"
PRELINK_PATH=""
PRELINK_PATH_MASK=""
PWD="/etc"
PYTHONPATH="/usr/lib/portage/pym"
RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp -P ${DISTDIR} ${URI}"
ROOT="/"
ROOTPATH="/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1"
RPMDIR="/usr/portage/rpm"
SHELL="/bin/bash"
SHLVL="1"
SSH_CLIENT="192.168.0.147 3689 22"
SSH_CONNECTION="192.168.0.147 3689 192.168.0.10 22"
SSH_TTY="/dev/pts/1"
STAGE1_USE="nptl nptlonly unicode"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
TERM="xterm"
USE="x86 bash-completion berkdb bitmap-fonts chroot cli cracklib crypt cups dlloader dri elibc_glibc fortran gdbm input_devices_evdev input_devices_keyboard input_devices_mouse ipv6 isdnlog jpeg kernel_linux ldap libg++ mailwrapper ncurses nls nptl nptlonly pam pcre perl ppds pppd python readline reflection samba sasl session spl ssl tcpd truetype-fonts type1-fonts udev unicode userland_GNU video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo xorg zlib"
USER="root"
USERLAND="GNU"
USE_EXPAND="CROSSCOMPILE_OPTS DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES FRITZCAPI_CARDS INPUT_DEVICES KERNEL LINGUAS LIRC_DEVICES MISDN_CARDS USERLAND VIDEO_CARDS"
USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND"
USE_ORDER="env:pkg:conf:defaults"
VIDEO_CARDS="apm ark ati chips cirrus cyrix dummy fbdev glint i128 i740 i810 imstt mga neomagic nsc nv rendition s3 s3virge savage siliconmotion sis sisusb tdfx tga trident tseng v4l vesa vga via vmware voodoo"
XARGS="xargs -r"
_="/usr/bin/emerge"
Comment 1 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2006-11-13 02:33:59 UTC 
Thanks, this may solve some of the linger problems.

jokey, hansmi: let's TRY moving forward with 253 in stable.
Hopefully the groups issue doesn't pop up again, and then we can finally get rid of the old versions.
Comment 2 Joel Gerber 2006-11-13 08:13:11 UTC 
(In reply to comment #1)
> Thanks, this may solve some of the linger problems.
> 
> jokey, hansmi: let's TRY moving forward with 253 in stable.
> Hopefully the groups issue doesn't pop up again, and then we can finally get
> rid of the old versions.
> 

No problem. Anything to help out Gentoo! :)
Comment 3 Markus Ullmann (RETIRED) gentoo-dev 2006-11-15 15:13:05 UTC 
robbat2: fine with it
Comment 4 Petteri Räty (RETIRED) gentoo-dev 2006-11-26 23:43:34 UTC 
(In reply to comment #3)
> robbat2: fine with it
> 

Any reason the new versions have not been requested to mark stable yet?
Comment 5 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2007-02-06 03:14:38 UTC 
253 stable on most arches now (just missing mips)