I have LDAP auth set up using nss_ldap and pam_ldap. With nss_ldap-226 it worked like a charm; everything was fine: login and sshd were all using PAM and working against LDAP on the local machine. As soon as I upgrade to the stable version of nss_ldap-239, it stops working with error messages in /var/log/messages like:

sshd[5878]: nss_ldap: could not search LDAP server - Can't contact LDAP server

I've been using the exact same /etc/ldap.conf and /etc/nsswitch.conf files with both versions of nss_ldap.

Reproducible: Always

Steps to Reproduce:
1. use sshd + PAM + nss_ldap-239
2. log in via ssh as a user that only exists in ldap

Actual Results:
The ssh login never happens and I get errors like the following in /var/log/messages:

sshd[5878]: nss_ldap: could not search LDAP server - Can't contact LDAP server

Expected Results:
communicated with the ldap server and continued with allowing the ssh session to occur.
I've re-emerged nss_ldap a few times and now with nss_ldap-239 it is working... not sure what has changed. I have the same thing happening on another Gentoo box I have right now though.
nss_ldap is strange - if you are running one version, and install another on top of it, its internal state can get fucked up until you reboot the box. You need to NOT have it loaded in memory when it's upgraded.
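
A check for the condition described in the last comment, as an added example that is not part of the original thread: it lists processes that still map a copy of the nss_ldap module that has since been replaced on disk. It assumes a Linux /proc filesystem and that the module's file name contains `libnss_ldap`; the function name is hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Lists processes that still have an
# old, replaced copy of the nss_ldap NSS module mapped into memory.
# Assumption: the module's path contains "libnss_ldap".
#
# Usage: stale_nss_ldap_pids [PROC_ROOT]    (PROC_ROOT defaults to /proc)
# Output: one line per affected process: "<pid> <command> <mapped path>"
stale_nss_ldap_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        # Skip processes that exited or whose maps we may not read.
        [ -r "$maps" ] || continue
        piddir="${maps%/maps}"
        pid="${piddir##*/}"
        # maps format: address perms offset dev inode pathname
        # When the backing file was unlinked or replaced after the process
        # mapped it, the kernel appends " (deleted)" to the pathname.
        lib=$(awk '/libnss_ldap/ && /\(deleted\)$/ { print $6; exit }' \
                  "$maps" 2>/dev/null) || lib=""
        [ -n "$lib" ] || continue
        name=$(cat "$piddir/comm" 2>/dev/null) || name="?"
        printf '%s %s %s\n' "$pid" "$name" "$lib"
    done
    return 0
}

# Scan the live system (run as root to see every process).
stale_nss_ldap_pids "${1:-/proc}"
```

Every process listed loaded the module before the upgrade and is still running the old copy in memory.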