Package: libpam-ldap Version: 184-8.4 Error: The defaultbehaviour for libpam-ldap in testing seems to have changed from doing &(objectClass=posixAccount) by default for the filter for lookups for a userid in an ldap-tree, resulting in the filter reading filter="(uid=%s)". If "pam_filter objectClass=posixAccount" is put into /etc/pam_ldap.conf '(objectClass=posixAccount)' gets added to the filter twice, resulting in a filter like filter="(&(objectClass=posixAccount)(objectClass=posixAccount)(uid=%s))". The expected Result is a filter looking like filter="(&(objectClass=posixAccount)(uid=%s))" after the configurationparameter has been added.
The affected client runs debian testing, with the packages being updated daily. ------------------------ Logs from the ldap-server (running debian lenny): #############3 ## Not working squeez client tries to authenticate, pam_filter objectClass=posixAccount set ##########3# Jun 17 02:23:42 ldap slapd[20704]: conn=125 op=0 RESULT tag=97 err=0 text= Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=1 SRCH base="dc=wouldyoubuythis,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(objectClass=posixAccount)(uid=tfiebig))" Jun 17 02:23:43 ldap slapd[20704]: <= bdb_equality_candidates: (uid) not indexed Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=4 BIND anonymous mech=implicit ssf=0 Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=4 BIND dn="cn=Tobias Fiebig,ou=Users,dc=wouldyoubuythis,dc=net" method=128 Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=4 RESULT tag=97 err=49 text= Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=5 BIND dn="cn=admin,dc=wouldyoubuythis,dc=net" method=128 Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=5 BIND dn="cn=admin,dc=wouldyoubuythis,dc=net" mech=SIMPLE ssf=0 Jun 17 02:23:43 ldap slapd[20704]: conn=125 op=5 RESULT tag=97 err=0 text= ##############3 ## Not working squeez client tries to authenticate, pam_filter commented ############ Jun 17 02:27:06 ldap slapd[20704]: conn=132 fd=33 ACCEPT from IP=172.22.77.254:55459 (IP=172.22.77.160:389) Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=0 BIND dn="cn=admin,dc=wouldyoubuythis,dc=net" method=128 Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=0 BIND dn="cn=admin,dc=wouldyoubuythis,dc=net" mech=SIMPLE ssf=0 Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=0 RESULT tag=97 err=0 text= Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=1 SRCH base="dc=wouldyoubuythis,dc=net" scope=2 deref=0 filter="(uid=tfiebig)" Jun 17 02:27:06 ldap slapd[20704]: <= bdb_equality_candidates: (uid) not indexed Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text= Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=2 BIND anonymous mech=implicit ssf=0 Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=2 BIND dn="cn=Tobias Fiebig,ou=Users,dc=wouldyoubuythis,dc=net" method=128 Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=2 RESULT tag=97 err=49 text= Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=3 BIND dn="cn=admin,dc=wouldyoubuythis,dc=net" method=128 Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=3 BIND dn="cn=admin,dc=wouldyoubuythis,dc=net" mech=SIMPLE ssf=0 Jun 17 02:27:06 ldap slapd[20704]: conn=132 op=3 RESULT tag=97 err=0 text= ############3 ## Working auth, lenny client: ############# Jun 17 02:25:41 ldap slapd[20704]: conn=101 op=6 SRCH base="dc=wouldyoubuythis,dc=net" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=tfiebig))" Jun 17 02:25:41 ldap slapd[20704]: conn=101 op=6 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass Jun 17 02:25:41 ldap slapd[20704]: <= bdb_equality_candidates: (uid) not indexed Jun 17 02:25:41 ldap slapd[20704]: conn=101 op=6 SEARCH RESULT tag=101 err=0 nentries=1 text= Jun 17 02:25:42 ldap slapd[20704]: conn=101 op=7 SRCH base="ou=Group,dc=wouldyoubuythis,dc=net" scope=1 deref=0 filter="(&(objectClass=posixGroup)(cn=tfiebig))" Jun 17 02:25:42 ldap slapd[20704]: conn=101 op=7 SRCH attr=cn userPassword memberUid uniqueMember gidNumber Jun 17 02:25:42 ldap slapd[20704]: <= bdb_equality_candidates: (cn) not indexed Jun 17 02:25:42 ldap slapd[20704]: conn=101 op=7 SEARCH RESULT tag=101 err=0 nentries=0 text= -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
