After doing all outstanding updates on my debian 3.1/testing system today I had the same problem. Downgrading libnss-ldap to 220-1 solves the problem.
Since I wasn't able to login at all (no root, no local user and no ldap users) after the update I checked my config files again and adapted the changes that the README.Debian of the libpam-ldap package suggests. See the comments to the config files below. At least I'm able to login now with the local accounts and root. This is not meant as a solution or workaround, it just makes testing easier. The easiest way to test this is a simple (foo beeing an ldap account) utumno:~# su - foo su: pthread_mutex_lock.c:78: __pthread_mutex_lock: Assertion `mutex->__data.__owner == 0' failed. Now if i turn off nscd (normaly running here) it works again: utumno:~# su - foo I have no [EMAIL PROTECTED]:~$ (The resolving of the uid->I have no name works with running nscd, but I think thats a nscd / ldap permissions thing). Tom /etc/libnss-ldap.conf: ----- host XXXXXXXXXXXXXX.com base dc=XXXXXXXXXXXXXXX=com uri ldaps://XXXXXXXXXXXXXX.com/ ldap_version 3 rootbinddn cn=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXdc=com tls_cacertfile /etc/ssl/certs/ca-certificates.crt ssl on pam_password md5 ----- /etc/nsswitch.conf ----- passwd: files [NOTFOUND=continue] ldap group: files [NOTFOUND=continue] ldap #before libpam-ldap/README.Debian# shadow: files ldap shadow: files ----- /etc/pam.d/common-account ----- #before libpam-ldap/README.Debian# account sufficient pam_ldap.so #before libpam-ldap/README.Debian# account required pam_unix.so account [success=1 default=ignore] pam_unix.so account required pam_ldap.so account required pam_permit.so ----- /etc/pam.d/common-auth ----- #before libpam-ldap/README.Debian# auth sufficient pam_ldap.so #before libpam-ldap/README.Debian# auth required pam_unix.so nullok_secure try_first_pass auth [success=1 default=ignore] pam_unix.so auth required pam_ldap.so use_first_pass auth required pam_permit.so ----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
