
Bug 220513

Summary: iptables -m owner and ldap
Product: Gentoo Linux
Reporter: Anton S. Ustyuzhanin <kit>
Component: [OLD] Core system
Assignee: Gentoo LDAP project <ldap-bugs>
Status: RESOLVED INVALID    
Severity: normal    
Priority: High    
Version: 2007.0   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Anton S. Ustyuzhanin 2008-05-06 04:45:49 UTC
When the system is using pam_ldap and nss_ldap, and the iptables rules contain -m owner, iptables fails to start at reboot. The iptables-restore script cannot find users' uids until slapd starts.
The solution is to add in /etc/init.d/iptables' depend() section "use slapd".

Reproducible: Couldn't Reproduce

Steps to Reproduce:
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-05-06 07:33:07 UTC
reassigning to bug-wranglers
Comment 2 Jan Kundrát (RETIRED) gentoo-dev 2008-05-06 08:04:06 UTC
Adding a dependency on slapd won't help if you use a remote LDAP server.
Comment 3 Robin Johnson archtester Gentoo Infrastructure gentoo-dev Security 2008-05-22 18:28:18 UTC
How is this an LDAP problem?

If the LDAP server is remote, you still get the same problem. Change your iptables rules to use numeric uids maybe?
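
The numeric-uid approach suggested in Comment 3, as an added example that is not part of the bug thread: it rewrites `--uid-owner`/`--gid-owner` names in an iptables-save style rules file to numeric ids, so loading the rules at boot needs no name lookup. The sample rules, the account names and the `numericize`/`system_lookup` helpers are constructed for illustration.

```python
import grp
import pwd
import re
import sys

# Constructed sample in iptables-save format; the account names are made up.
SAMPLE_RULES = """\
*filter
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner ldapuser -j ACCEPT
-A OUTPUT -m owner --uid-owner 1001 -j DROP
-A OUTPUT -m owner ! --gid-owner staff -p tcp --dport 25 -j REJECT
COMMIT
"""

OWNER_OPT = re.compile(r"(--(uid|gid)-owner\s+)(\S+)")
NUMERIC = re.compile(r"\d+(-\d+)?")  # a numeric id, or an id range


def system_lookup(kind, name):
    """Resolve a name through NSS (files, LDAP, ...). Run this while the
    directory is reachable, not during early boot."""
    if kind == "uid":
        return pwd.getpwnam(name).pw_uid
    return grp.getgrnam(name).gr_gid


def numericize(rules, lookup=system_lookup):
    """Return (rewritten_rules, unresolved) with owner names made numeric."""
    unresolved = []

    def repl(match):
        prefix, kind, value = match.groups()
        if NUMERIC.fullmatch(value):
            return match.group(0)           # already numeric, keep as-is
        try:
            return f"{prefix}{lookup(kind, value)}"
        except KeyError:                    # unknown name: report, do not guess
            unresolved.append((kind, value))
            return match.group(0)

    lines = rules.splitlines(keepends=True)
    out = [l if l.startswith("#") else OWNER_OPT.sub(repl, l) for l in lines]
    return "".join(out), unresolved


if __name__ == "__main__":
    text, missing = numericize(sys.stdin.read())
    if missing:                             # refuse to emit a partly resolved ruleset
        sys.exit(f"unresolved owner names: {missing}")
    sys.stdout.write(text)
```

The mapping is fixed at rewrite time, so the rules file has to be regenerated if an account's uid or gid changes in the directory.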