With nss_ldap-249, I set up a client to authenticate users/groups via LDAP. With getent and id I made sure that the settings were correct (also, I had a bunch of Ubuntu clients working with the same config files), but for some reason login wasn't possible (see http://forums.gentoo.org/viewtopic-p-3658563.html#3658563). First I thought I was missing something, but since emerging the ~masked version of nss_ldap (253) solved the problem, I assume it's a bug. Confirmed both on amd64 and x86. I don't know why this affects only me, but we should mark a newer release stable ASAP.
I emerged some other versions of nss_ldap, and the problem only occurs with 249. The next oldest in portage, 239-r1, works as well as 250.
You failed to post your configurations. I suspect you were using SSL, which is known to be weirdly broken on 249. 253* will be stable soon.
/etc/ldap.conf:

    base dc=example,dc=com
    uri ldap://ldap.example.com/
    ldap_version 3
    bind_policy soft
    pam_login_attribute uid
    pam_password md5
    nss_base_passwd ou=Users,dc=example,dc=com?one
    nss_base_passwd ou=Computers,dc=example,dc=com?one
    nss_base_shadow ou=Users,dc=example,dc=com?one
    nss_base_group ou=Groups,dc=example,dc=com?one
    ssl start_tls
    tls_checkpeer yes
    tls_cacertfile /etc/openldap/ssl/ca.pem

/etc/conf.d/slapd is empty, so I don't have ssl enabled. Also netstat -a | grep ldaps returns nothing.
Have you already tried commenting out these lines?

    #ssl start_tls
    #tls_checkpeer yes
    #tls_cacertfile /etc/openldap/ssl/ca.pem
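As an added example (not part of the thread and not nss_ldap's own code), the following script reads the posted /etc/ldap.conf directives and reports which transport security they request, both as posted and with the three TLS lines commented out. The function names are hypothetical, the sample is a trimmed copy of the posted file, and the handling of repeated directives is an assumption.

```python
# Added example; directive names are taken from the /etc/ldap.conf posted above.
SAMPLE = """\
base dc=example,dc=com
uri ldap://ldap.example.com/
ldap_version 3
bind_policy soft
nss_base_passwd ou=Users,dc=example,dc=com?one
nss_base_passwd ou=Computers,dc=example,dc=com?one
ssl start_tls
tls_checkpeer yes
tls_cacertfile /etc/openldap/ssl/ca.pem
"""  # trimmed copy of the posted configuration

def parse(text):
    """Map each directive (lower-cased) to the list of its values, skipping '#' lines."""
    conf = {}
    for raw in text.splitlines():
        parts = raw.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def last(conf, key, default=""):
    # Assumption: when a directive is repeated, the last value is the one reported.
    return conf[key][-1].strip().lower() if key in conf else default

def audit(text):
    """Return (mode, notes); mode is 'start_tls', 'ldaps' or 'plaintext'."""
    conf = parse(text)
    uris = " ".join(conf.get("uri", [])).lower().split()
    if last(conf, "ssl") == "start_tls":
        mode = "start_tls"
    elif last(conf, "ssl") == "on" or any(u.startswith("ldaps://") for u in uris):
        mode = "ldaps"
    else:
        mode = "plaintext"
    notes = []
    if mode == "plaintext":
        notes.append("binds and lookups are sent unencrypted")
    elif last(conf, "tls_checkpeer") != "yes":
        notes.append("tls_checkpeer is not 'yes': peer verification not enforced here")
    elif "tls_cacertfile" not in conf and "tls_cacertdir" not in conf:
        notes.append("tls_checkpeer yes but no CA file or directory configured")
    if mode == "start_tls":
        notes.append("StartTLS upgrades the ldap:// connection; no ldaps socket is involved")
    return mode, notes

def comment_out_tls(text):
    """Prefix '#' to the ssl/tls_* lines, as in the reply above."""
    return "\n".join("#" + ln if ln.startswith(("ssl", "tls_")) else ln for ln in text.splitlines())

if __name__ == "__main__":
    for label, cfg in (("as posted", SAMPLE), ("TLS lines commented out", comment_out_tls(SAMPLE))):
        print(label, "->", audit(cfg))
```

With the TLS lines commented out the client falls back to plaintext, so that state is useful for isolating the fault but should not be left in place once a working nss_ldap version is installed.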
No response from user; assuming that nss_ldap-253 works.
Sorry for my silence - yes, 253 works, and 249 still doesn't (I installed to new gentoo servers this week and experienced the same problems again). Why is 249 still the latest stable version?
253 stable on almost all arches now.