When ssh'ing into one of my systems, nss_ldap breaks while looking up the groups, with the following error:

sockbuf.c:91: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed.

I am experiencing this on three of my machines. They are all set up to authenticate against Active Directory. Another system I used for testing does not show this problem. Tested it with openldap-2.2.28 -> 2.3.20 and the newest nss_ldap libraries.

Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.4.5, glibc-2.3.6-r3, 2.6.15 i686)
=================================================================
System uname: 2.6.15 i686 Intel(R) Pentium(R) 4 CPU 1.80GHz
Gentoo Base System version 1.12.0_pre16
distcc 2.18.3 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.4 [disabled]
dev-lang/python: 2.3.5-r2, 2.4.2-r1
sys-apps/sandbox: 1.2.17
sys-devel/autoconf: 2.13, 2.59-r7
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils: 2.16.1-r2
sys-devel/libtool: 1.5.22
virtual/os-headers: 2.6.11-r3
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-Os -march=pentium4 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-Os -march=pentium4 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 X acl alsa apache2 apm arts async automount avi berkdb bitmap-fonts bzip2 cli crypt cups dba eds emboss encode expat foomaticdb fortran gd gdbm gif gnome gpm gstreamer gtk gtk2 imlib ipv6 java jpeg junit kde kerberos ldap ldapsam libg++ libwww mad mikmod motif mp3 mpeg mysql ncurses nls nptl ogg oggvorbis opengl oss pam pcre pdf pdflib perl php png python qt quicktime readline samba sasl sdl session soap spell ssl syslog tcpd tiff tokenizer truetype truetype-fonts type1-fonts udev vorbis winbind xml xml2 xmlrpc xmms xv zlib userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, MAKEOPTS
Could you list the differences between your test machines where the one doesn't show the problem but the other does? Could you also explicitly state which version of nss_ldap you used?
Until yesterday the test system worked fine, but now, without modifying anything, it acts strange too.

sys-auth/nss_ldap: 239-r1
net-nds/openldap: 2.1.30-r7, but tested with 2.3.20 too
sys-auth/pam_ldap: 178-r1, but tested with 180 too
Move to ldap-bugs alias for other ldap developers to see.
Any news on this? It's a major issue for me since it interrupts many internal services that need ssh access.
It seems I had the same problem on one PC:

net-nds/openldap-2.2.28-r3
sys-auth/nss_ldap-239-r1
sys-auth/pam_ldap-180
net-misc/openssh-4.3_p2-r1

19:08:06 chris@KanelXP ~ $ ssh localhost
Connection to localhost closed by remote host.
Connection to localhost closed.

Apr 21 19:16:51 KanelXP sshd[21225]: Accepted publickey for chris from 127.0.0.1 port 53395 ssh2
Apr 21 19:16:51 KanelXP sshd(pam_unix)[21230]: session opened for user chris by (uid=0)
Apr 21 19:16:51 KanelXP sshd[21225]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 19:16:51 KanelXP sshd[21225]: fatal: login_get_lastlog: Cannot find account for uid 501
Apr 21 19:16:51 KanelXP sshd[21225]: nss_ldap: could not search LDAP server - Can't contact LDAP server
Apr 21 19:16:51 KanelXP sshd[21225]: fatal: login_init_entry: Cannot find user "chris"
Apr 21 19:16:51 KanelXP sshd(pam_unix)[21230]: session closed for user chris

I have exactly the same configuration (/etc/ldap.conf, /etc/nsswitch.conf, /etc/openldap/ldap.conf, /etc/ssh/sshd_config) on all my other PCs, and all works fine with:

net-nds/openldap-2.2.28-r3
sys-auth/pam_ldap-180
sys-auth/nss_ldap-239-r1
net-misc/openssh-4.2_p1

or:

net-nds/openldap-2.2.28-r3
sys-auth/nss_ldap-249
sys-auth/pam_ldap-180
net-misc/openssh-4.2_p1-r1

When I upgraded to nss_ldap-249, all worked again.
sys-auth/nss_ldap-249 is now in the stable branch, and I can't use ssh anymore with ldap. I need to have accounts in /etc/passwd, not really what I want and what ldap is used for ;-) I had to downgrade to sys-auth/nss_ldap-239-r1.
Christophe: but you previously wrote that 249 worked for you?
Robin: Yes, but it didn't anymore. I don't understand very well. What I think is that when it worked, it surely was on a system that had accounts in /etc/passwd. Without this, it doesn't work. Or my configuration is not good, but it works with it and 239-r1. I had to mask 249. :-(
Christophe: I'm going to close this old bug for now, as 239 works. Can you please open a new one, assigned to ldap-bugs, with the error messages you get under 249?
OK, I'll do it, but I have to install 249 again to get all the information :-) I'll make my current update, and I'll do that after.
Done here: https://bugs.gentoo.org/show_bug.cgi?id=134473