[Bug 236142] Re: libnss-ldapd is too old and broken in hardy, please ship 0.6.2
I'm the main developer of nss-ldapd as well as the Debian package maintainer and I think 0.5 is good for testing but not yet ready for production use. A number of major and minor bugs were fixed in later releases, some of the fixes were done by some restructuring of the code. All in all from 0.5 to 0.6.2 there are almost 200 commits in SVN affecting in total roughtly 2000 lines of code (exclusing test code, documentation, comments, etc). Backporting the relevant changes will not be easy (though if the price is right, I might be willing to try). ;-) As for the stability of 0.6.2, it has received a lot more testing than 0.5 and most of the memory leaks and crashes have been worked out (although you should also watch which version of the OpenLDAP library you are using). There could always be hidden bugs and there is a known problem with reconnects that should be done better (see the Debian BTS for more details). I feel 0.6.2 should work well in most environments. -- libnss-ldapd is too old and broken in hardy, please ship 0.6.2 https://bugs.launchpad.net/bugs/236142 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 237115] Re: nscd: nss_ldap: server is unavailable
The log message is from nss_ldap, not from nss-ldapd, reassigning this bugreport. ** Changed in: libnss-ldap (Ubuntu) Sourcepackagename: nss-ldapd => libnss-ldap -- nscd: nss_ldap: server is unavailable https://bugs.launchpad.net/bugs/237115 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 237115] Re: nscd: nss_ldap: server is unavailable
** Changed in: ubuntu Sourcepackagename: libnss-ldap => None -- nscd: nss_ldap: server is unavailable https://bugs.launchpad.net/bugs/237115 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 235920] Re: Replacing libnss-ldap with libnss-ldapd fails
Could you indicate which version of nss-ldapd causes problems for you? Ubuntu ships 0.5 in Hardy which I would recommend against using and 0.6.2 in Intrepid. The last version is a lot more stable and is better tested. If with version 0.6.2 you still have problems, could you give some more information about your configuration (e.g. contents of /etc/nss- ldapd.conf, any output when nslcd is run in debugging mode, etc). -- Replacing libnss-ldap with libnss-ldapd fails https://bugs.launchpad.net/bugs/235920 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 231472] Re: Disabled buttons and an "inactive" address bar
I have seen the same problem and I too have /home over NFS. It seems that for some reason or another some locks remain in place. Opening places.sqlite by hand also gave an arror (forgot to write it down, sorry). After creating a tarball from the profile directory from ~/.mozilla/firefox, removing the original directory and unpacking the tarball everything works again as expected. -- Disabled buttons and an "inactive" address bar https://bugs.launchpad.net/bugs/231472 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 227675] Re: libnss-ldapd nslcd crashes regularly
The version of nss-ldapd that Ubuntu is shipping is old. In recent releases a number of bugs haven been fixed that affect stability of nslcd. Please try 0.6.2 (the most recent release). That version is available in Debian, porting it to Ubuntu shouldn't be too difficult. -- libnss-ldapd nslcd crashes regularly https://bugs.launchpad.net/bugs/227675 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 585966] Re: nslcd doesn't failover to backup server on authentication (bind)
** Changed in: nss-pam-ldapd (Ubuntu) Assignee: Arthur de Jong (adejong) => (unassigned) -- nslcd doesn't failover to backup server on authentication (bind) https://bugs.launchpad.net/bugs/585966 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 576137] Re: nss-pam-ldapd should not depend on nslcd
Another alternative would be to have a separate package for the nssov overlay which would provide/conflict nslcd. That package (slapd-nssov?) could then also have the maintainer scripts configure and enable the overlay in slapd. I don't think dropping the dependency is a good idea because users upgrading from older versions where the daemon was part of libnss-ldapd would end up with a non-functioning system without a clear way to fix it after an upgrade. -- nss-pam-ldapd should not depend on nslcd https://bugs.launchpad.net/bugs/576137 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 235920] Re: Replacing libnss-ldap with libnss-ldapd fails
It is strange that a slash would end u in the config. Can you include the output of the following commands in the bugreport: hostname --domain hostname --nis | grep '\.' hostname --fqdn | sed -n 's/^[^.]*\.//p' sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf sudo grep -i base /etc/ldap/ldap.conf /etc/ldap.conf sudu grep -i base /etc/libnss-ldap.conf /etc/pam_ldap.conf sudo grep -i base /etc/nss-ldapd.conf /etc/nslcd.conf These are the only things that should be used to build the default search base, perhaps one of them is in an unexpected format. After the guessing of the search base you should be prompted for a search base to confirm. Do you remmeber if there was a slash present in the shown value at configuration time? -- Replacing libnss-ldap with libnss-ldapd fails https://bugs.launchpad.net/bugs/235920 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 401050] Re: webcheck -q not silent
It is clearer if you file separate bugs for separate issues. Anyway, regarding the -q option not working. What output are you seeing? I think there may be some debugging info left over from development. You should be able to comment out the line containing conn.set_debuglevel in schemes/http.py without ill effects. Regarding the second problem. The patterns are matched against the full URL (see the manual page), therefore no URL starts with a / (most start with http://, https:// or something similar). Perhaps what you are looking for is something like this: --yank='^https?://[a-z0-9A-Z]*/$' Hope this helps. -- webcheck -q not silent https://bugs.launchpad.net/bugs/401050 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 401050] Re: webcheck -q not silent
Oops, there was a dot missing from the regular expression, it should read: --yank='^https?://[a-z0-9A-Z.]*/$' -- webcheck -q not silent https://bugs.launchpad.net/bugs/401050 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 474666] Re: package cvsd 1.0.16 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2
The relevant part of the dpkg log is: Setting up cvsd (1.0.16) ... Adding group `cvsd' (GID 125) ... Done. Adding system user `cvsd' (UID 116) ... Adding new user `cvsd' (UID 116) with group `cvsd' ... Creating home directory `/var/lib/cvsd' ... creating directory structure under /var/lib/cvsd... dpkg: error processing cvsd (--configure): subprocess installed post-installation script returned error exit status 2 Apparently creating the chroot jail under /var/lib/cvsd failed for some reason. Can you run 'cvsd-buildroot /var/lib/cvsd' by hand and see if that also fails. If that does not show more useful output could you do 'sh -x /usr/sbin/cvsd-buildroot /var/lib/cvsd' and see if that results in more useful output. Can you also provide some more information on your system (e.g. which /bin/sh are you using). Also, please consider including the output from the cvsd-buginfo script in this report. Thanks. -- package cvsd 1.0.16 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2 https://bugs.launchpad.net/bugs/474666 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 474666] Re: package cvsd 1.0.16 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2
The only problem is that sudo is missing from the sh -x call but I found the problem anyway (the cvsd-buginfo output showed how far it got). The problem is that bash 4 handles the this statement: false || ( false && false ) differently from bash 3 when set -e is used (bash 4 terminates the script and 3 doesn't). Btw, dash behaves the same as bash 3. Anyway, I will change the cvsd-buildroot script to use less && and || magic (which is a good thing anyway) and create a new release shortly (the upload will be to Debian but I guess Ubuntu will pick it up soon enough). As a workaround you can edit the cvsd-buildroot script and comment out the set -e statement at the beginning. Attached is a minimal patch which also fixes the issue. Note that this is not the patch that will go into 1.0.18, for that see http://arthurdejong.org/viewvc/cvsd/cvsd- buildroot.in?r1=1.49&r2=1.50 The cvsd-buginfo also pointed me to a bug in that script (was there since 2006 apparently) (the wrong uname call). That will also be fixed in the next release. ** Attachment added: "minimal fix for cvsd-buildroot" http://launchpadlibrarian.net/37898854/cvsd-fix-buildroot.patch -- package cvsd 1.0.16 failed to install/upgrade: subprocess installed post-installation script returned error exit status 2 https://bugs.launchpad.net/bugs/474666 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 507819] Re: libnss-ldapd package shoud depend of nslcd
Yes, the libnss-ldapd package should depend on nslcd. An alternative to nslcd is running a slapd with an nssov module but I don't know in which package that module is (that package should problably provide nslcd), -- libnss-ldapd package shoud depend of nslcd https://bugs.launchpad.net/bugs/507819 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 508199] Re: socket path does not match nssov's socket path
The default location that both nss-ldapd and nssov use is /var/run/nslcd/socket. The Ubuntu package (at least 0.6.11ubuntu2) uses /var/run/nslcd/nslcd.socket, probably left over from 0.6.11ubuntu1 where it was /var/run/nslcd.socket. -- socket path does not match nssov's socket path https://bugs.launchpad.net/bugs/508199 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 242604] Re: Cannot extract vobsub file from ifo files in local folder, only from DVD
What worked for me was to copy the .ifo files manually from the DVD to the tmp/ifo/ directory. -- Cannot extract vobsub file from ifo files in local folder, only from DVD https://bugs.launchpad.net/bugs/242604 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1781035] Re: chsh.ldap crashes when I change my password
The problem from the logs is the the lookup of the user failed in nslcd. This probably means that authentication between nslcd and the LDAP server needs to be configured in nslcd.conf. I expect that getent.ldap also fails with this configuration/ If you are not using libnss-ldapd for LDAP user account management using nslcd-utils may not be the best solution. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1781035 Title: chsh.ldap crashes when I change my password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1781035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1781035] Re: chsh.ldap crashes when I change my password
Can you post the output from nslcd in debug mode? The easiest way to do this is run in a separate window: % sudo -s # service nslcd stop # nslcd -d It is important to run sudo -s first because if you stop the nslcd service the LDAP users will not be able to authenticate until you start nslcd again. You can terminate the above with + and run service nslcd start. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1781035 Title: chsh.ldap crashes when I change my password To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1781035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1029656] Re: nslcd does not start on boot everytime
If you can reliably reproduce this, please try to supply debugging information as described in https://bugs.debian.org/643948#61 (specifically the gdb invocation of ldapsearch). It this can be shown to be a problem in libldap or something else it can be chased in the appropriate package. Any help tracking this down is very welcome. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1029656 Title: nslcd does not start on boot everytime To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1029656/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
According to the mailing list post you would expect that "expect fork" should be the right thing to do. If you really want to implement a command-line switch for this (I think it is a bit silly to have to do this for upstart), please name it -n (this seems to be used by a few daemons that provide such an option). The change itself shouldn't be too complicated. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
I've merged your change upstream in both the 0.8 and 0.9 branches. Attached is a patch that should be suitable for dropping in debian/patches for version 0.8.13-2. ** Patch added: "implement-nofork.patch" https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+attachment/3776774/+files/implement-nofork.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1605167] Re: nslcd should have tomcat7 and tomcat8 in X-Start-Before
I would strongly recommend against putting system users (e.g. tomcat user) in LDAP. Especially it is difficult to this right during boot and shutdown. The default configuration of nss-pam-ldapd also filters uids < 1000 out of queries to avoid this. The reason that some services are listed in nslcd's init script in X -Start-Before is that those services (can) use normal user accounts. For example if a mail server would be started before nslcd is available mail could be rejected. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1605167 Title: nslcd should have tomcat7 and tomcat8 in X-Start-Before To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1605167/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1605167] Re: nslcd should have tomcat7 and tomcat8 in X-Start-Before
If you are using NFS you probably already use the NFS id mapper which should take care of things if you are using the same user names across servers, even if the numeric ids differ. I have managed some environments where some system users were in LDAP for legacy reasons. In that case I just copied the LDAP user to /etc/passwd also. If you can confirm that adding tomcat7 and tomcat8 to X-Start-Before solves your problem I can add it but it is becoming a very log list. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1605167 Title: nslcd should have tomcat7 and tomcat8 in X-Start-Before To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1605167/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1618190] Re: nslcd Repeats Failed Auth Attempt for Every "uri" Specified in nslcd.conf, Causes Account Lockouts
Thanks for reporting this. I've changed the behaviour upstream, see https://arthurdejong.org/git/nss-pam- ldapd/commit/?id=d8ad7b127363d6d73ab1de6796886fda5eb07054 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1618190 Title: nslcd Repeats Failed Auth Attempt for Every "uri" Specified in nslcd.conf, Causes Account Lockouts To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1618190/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
If you are seeing something like: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded) It means that you probably have libnss-ldap installed instead of libnss-ldapd (note the extra d). Using nslcd works best with libnss-ldapd and libpam-ldapd. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
It is probably best to migrate to either nss-pam-ldapd, sssd or nss-pam- ldapd in combination with the nssov slapd overlay. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1454246] Re: nslcd: unable to daemonize
** Bug watch added: Debian Bug tracker #759544 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759544 ** Also affects: nss-pam-ldapd (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759544 Importance: Unknown Status: Unknown -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1454246 Title: nslcd: unable to daemonize To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1454246/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1454246] Re: nslcd: unable to daemonize
This is likely to be the same issue as https://bugs.debian.org/759544 which is fixed in Debian testing and unstable. Discussion on fixing this is stable can be found at https://bugs.debian.org/785053. Fixing this in a 0.9.4 version probably requires inclusing other patches that are part of 0.9.5. ** Bug watch added: Debian Bug tracker #785053 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785053 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1454246 Title: nslcd: unable to daemonize To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1454246/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1229713] Re: nslcd auto-configuration disregards existing nslcd.conf
This is probable the same problem as Debian bug #717063 (http://bugs.debian.org/670133). The applied fix is here: http://arthurdejong.org/viewvc/nss-pam-ldapd?view=revision&revision=2016 ** Bug watch added: Debian Bug tracker #670133 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670133 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1229713 Title: nslcd auto-configuration disregards existing nslcd.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1229713/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
Juan, Can you provide some more information on your boot sequence? nslcd should only hang if it has been started before networking is available (which shouldn't happen because of the init scripts dependencies). If your connection to the LDAP server is otherwise reliable you could also reduce the bind_timelimit and reconnect_retrytime options to reduce the delay. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
It is not recommended to run nslcd in debug mode in production. Anyway, on start-up nslcd will call daemon() to daemonise. I thought that daemon() called fork() twice but according to the manual page it only forks once. After that, it starts a number of threads (configured by the threads option in nslcd.conf) and optionally starts another sub- process to do cache invalidation. This last process is only started in 0.9.0 and later if configured and is started before dropping privileges so runs as root (while other processes commonly run as user nslcd). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
Currently nslcd does not support not forking into the background outside of debug mode. The pid of nslcd can be reliably determined by looking at /var/run/nslcd/nslcd.pid. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1464590] Re: nslcd segfaults with nslcd[xxx]: segfault at 0 ip xxx error 4 in libc-2.15.so
Thanks for your bug report. Can you provide your nslcd.conf? Also, can you run an nslcd that contains the debug symbols? The easiest way to do that is probably to compile nslcd from source. Also installing libkrb5-dbg, libldap-2.4-2-dbg, libc6-dbg, libcomerr2-dbg, cyrus- sasl2-dbg, libgnutls26-dbg and libgcrypt11-dbg packages will probably result in a more useful backtrace. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464590 Title: nslcd segfaults with nslcd[xxx]: segfault at 0 ip xxx error 4 in libc-2.15.so To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1464590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1464590] Re: nslcd segfaults with nslcd[xxx]: segfault at 0 ip xxx error 4 in libc-2.15.so
The trace doesn't help me much in tracking it down I'm afraid. I've checked all the uses of strcmp() in nslcd that could be reachable and have not found a likely candidate. You could try building a package on another machine that includes the debug symbols (see https://jameswestby.net/tips/tips/compiling-debian-package-for- debug.html) or try running nslcd under valgrind. Running under valgrind does have a performance impact though. Is the crash always after such a search? Is there any pattern in the crashes? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1464590 Title: nslcd segfaults with nslcd[xxx]: segfault at 0 ip xxx error 4 in libc-2.15.so To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1464590/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1000205] Re: Upgrade from 10.04 to 12.04 server brakes configuration of nslcd
If this is useful for Ubuntu, I can prepare a patch, although I would recommend against using 0.8.4 in a stable release because the 0.8 series is still in development (but now reaching stability with 0.8.8-3). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1000205 Title: Upgrade from 10.04 to 12.04 server brakes configuration of nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1000205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1418265] Re: Memory leak when using pam_ldap in long running processes
The aptitude output shows that the bug is in libpam-ldap, not in libpam- ldapd (part of nss-pam-ldapd). ** Package changed: nss-pam-ldapd (Ubuntu) => libpam-ldap (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1418265 Title: Memory leak when using pam_ldap in long running processes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1418265/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1350778] Re: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems
I don't think the configuration upgrade code is the issue here (that would probably only cause issues with some downgrades). Furthermore, from a quick glance it seems the patch disables debconf configuration altogether. The Debian packages contains numerous fixes to the debconf handling and configuration parsing that most likely fix the above issues: * don't clear the tls_reqcert option when using ssl without the start_tls option or an ldaps:// URL fixed in 0.8.8-3 (Debian bug https://bugs.debian.org/672301) patch: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1687&view=revision * fix a problem in sed logic for commenting out disabled options fixed in 0.8.10-3 (Debian bug https://bugs.debian.org/689296) patch: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1777&view=revision * make whitespace matching consistent in regular expressions fixed in 0.8.5 patch: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1543&view=revision * get the first configuration value instead of the last because that one is also written fixed in 0.8.5 patch: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1567&view=revision * properly parse and write configuration options with an optional map parameter during debconf configuration fixed in 0.8.10-2 (Launchpad bug https://bugs.launchpad.net/bugs/1029062) patch: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1740&view=revision * properly handle preseeding and reading values from the configuration file by forcefully overwriting debconf values from nslcd.conf and not overwriting debconf values when reading other configuration files fixed in 0.8.13-2 (Debian bug https://bugs.debian.org/717063) patch: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=2016&view=revision ** Bug watch added: Debian Bug tracker #672301 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672301 ** Bug watch added: Debian Bug tracker #689296 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689296 ** Bug watch added: Debian Bug tracker #717063 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717063 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1350778 Title: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1350778/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1350901] Re: nslcd doesn't respect dpkg-divert
The problems in configuration handling are probably addressed in Launchpad bug https://bugs.launchpad.net/bugs/1350778. What is exactly the use case for diverting /etc/nslcd.conf? Currently the path is fixed at compile-time in the nslcd binary so moving it somewhere else will not accomplish much in itself. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1350901 Title: nslcd doesn't respect dpkg-divert To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1350901/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1350778] Re: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems
Granted, it is quite a long list of changes but 0.8.4 was never meant to be a stable release and the 0.8 series was in mind-development around 0.8.4 so that is to be expected. On my system dpkg --compare-versions "" lt-nl "0.8" is false so it would seem the code is also not run on fresh installs (you should probably use lt instead of lt-nl if you want the described behaviour). Furthermore, with the patch applied dpkg-reconfigure nslcd no longer has the expected behaviour. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1350778 Title: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1350778/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1350778] Re: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems
dpkg --compare-versions "" lt-nl "0.8" returns 1 (false) here (Debian sid). Is this different on Ubuntu? Debian wheezy has 0.8.10-4 which includes all the fixes mentioned above, except for #717063. This release also includes all the changes currently in the Ubuntu version (0.8.4ubuntu0.3). There is also a 0.8.14-1 version available (http://snapshot.debian.org/package/nss-pam-ldapd/0.8.14-1/) which should be the most stable and well tested 0.8 version available. Between 0.8.4 and 0.8.10-4 the biggest changes are: * various logging improvements * add ignorecase option * I/O handling improvements (avoid broken pipes, use poll() instead of select(), etc.) * pam_authz_search improvements * various fixes to debconf configuration issues as described earlier * various code improvements and small fixes Between 0.8.10-4 and 0.8.14-1 the biggest changes are: * add pam_password_prohibit_message option * add sasl_canonicalize option * a lot of small code fixes that were the result of testing tools Diffstat between 0.8.4ubuntu0.3 and 0.8.10-4 (excluding documentation, test changes and other unrelated changes): 51 files changed, 743 insertions(+), 568 deletions(-) Diffstat between 0.8.10-4 and 0.8.14-1 (same excludes): 57 files changed, 966 insertions(+), 818 deletions(-) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1350778 Title: Upgrading nslcd on precise rewrites /etc/nslcd.conf, leaving users with unusable systems To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1350778/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1295184] Re: package nslcd 0.8.4ubuntu0.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
The dpkg log shows the installation of nslcd (was uninstalled before). The relevant part shows that adduser failed: Adding new user `nslcd' (UID 116) with group `nslcd' ... adduser: `/usr/bin/chfn -f nslcd name service LDAP connection daemon nslcd' exited from signal 139. Exiting. dpkg: error processing nslcd (--configure): subprocess installed post-installation script returned error exit status 1 The kernel log shows: [11508.391940] chfn[10880]: segfault at 10 ip 7f090734df90 sp 7fffe7854230 error 4 in pam_krb5.so[7f0907348000+c000] Which seens to point to a bug in pam_krb5 or one of it's libraries. While you could use pam_krb5 and pam_ldap together, it is probably not what you want. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1295184 Title: package nslcd 0.8.4ubuntu0.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1295184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1295184] Re: package nslcd 0.8.4ubuntu0.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
In this configuration you probably need libnss-ldapd for the account information and libpam-krb5 for Kerberos. You don't need libpam-ldapd. This should also be doable with SSSD. Anway, I don't think there is enough information in the bug report to investigate further. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1295184 Title: package nslcd 0.8.4ubuntu0.2 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1295184/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1374434] Re: nslcd daemon dies
Thanks for reporting this. It seems the crash happend quite quicly after start-up (issues during start-up have been seen in relation to SSL). Does the kernel log anything (segmentation fault)? What is your nslcd.conf like? If you run nslcd in debug mode (start manually with -d) does it output any useful information around the time of the crash? If this is at all reproducable running it under gdb, valgrind or even strace could provide valuable information. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1374434 Title: nslcd daemon dies To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1374434/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1090554] Re: id segfaults when looking up user information
The described bug is in the libnss-ldap package which is not related to nss-pam-ldapd. You do not need nslcd if you are using libnss-ldap and libpam-ldap. It is not used at all. If you want to use nslcd, you should be using libnss-ldapd and libpam-ldapd instead. The warning message with the undefined symbol is because on start-up nslcd tries to load the libnss-ldapd NSS module to try to disable it within nslcd to avoid lookup loops. This message indicates that the mechanism to disable these lookups was not found. It probably means that libnss-ldap is installed instead of libnss-ldapd (or a version older than 0.7.7). ** Package changed: nss-pam-ldapd (Ubuntu) => libnss-ldap (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1090554 Title: id segfaults when looking up user information To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1090554/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 893806] Re: postinst fails due to sh fat finger
** Changed in: nss-pam-ldapd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/893806 Title: postinst fails due to sh fat finger To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/893806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 992737] Re: Ineffective pam_authz_search filter
** Changed in: nss-pam-ldapd (Ubuntu) Status: Confirmed => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/992737 Title: Ineffective pam_authz_search filter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/992737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 940092] Re: package nslcd 0.7.13 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
** Changed in: nss-pam-ldapd (Ubuntu) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/940092 Title: package nslcd 0.7.13 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/940092/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
It may be useful to know that Debian just added some information to policy regarding init systems other than SysV init and even some notes specific to upstart: http://www.debian.org/doc/debian-policy/ch-opersys.html#s-alternateinit -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1063923] Re: nslcd config and debconf
The problem is that the value "external" isn't currently supported by the package configuration and it is incorrectly replaced by auto as a default value. Current supported values are: auto, LOGIN, PLAIN, NTLM, CRAM-MD5, DIGEST-MD5, GSSAPI, OTP. The "EXTERNAL" value will be added as a possible value. Btw, using debconf-set-selections and using dpkg-reconfigure is not a supported way to update the configuration because the current configuration is always read from the configuration file in order to preserve configuration changes outside debconf. The only situation where preseeding would work is on initial installation when the configuration file is absent. The change in SVN is at: http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=1778&view=revision -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1063923 Title: nslcd config and debconf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1063923/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
You can replace "pam_check_host_attr yes" with pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*))) See the nslcd.conf manual page for more details (the 0.7 series doesn't have the fqdn value yet). Btw, you can use libpam-ldap fine together with libnss-ldapd if you prefer. Also note that nslcd is no replacement for nscd. nslcd doesn't do much caching and nscd (or unscd) can still be used to reduce the load on your LDAP server. The only real things that are missing in nss-pam-ldapd are nested groups and LDAP password policies. Patches are welcome ;) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
craig-white@139 Please file a bug against nslcd to track the problem with pam_authz_search. Also, in general, bug reports for any missing features are welcome. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 992737] Re: Ineffective pam_authz_search filter
Can you include the contents of your /etc/pam.d/common-account file? Also, does getent shadow yourusername output any information? Lastly, it would be really helpful to have the output of nslcd -d while you try a login. Thanks. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/992737 Title: Ineffective pam_authz_search filter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/992737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 992737] Re: Ineffective pam_authz_search filter
On Tue, 2012-05-01 at 19:57 +, Craig White wrote:
> # getent shadow cwhite
> cwhite:*:15245::0
>
> # cat /etc/pam.d/common-account
[...]
> account [success=2 new_authtok_reqd=done default=ignore]
> pam_unix.so
> account [success=1 default=ignore] pam_ldap.so
This is the pam config from libpam-ldap, not libpam-ldapd (at least not
0.8.4). If you have ldap as primary you need to disable shadow lookups
to ldap in /etc/nsswitch.conf.
I can't find an upgrade scenario that would leave your config like this.
Did you have libpam-ldap installed before? Can you check if
dpkg-reconfig libpam-ldapd changes /etc/pam.d/common-account and what
the contents of /usr/share/pam-configs/ldap is?
> root@nxpc:~# nslcd -d
> nslcd: accepting connections
> nslcd: [8b4567] DEBUG: connection from pid=20642 uid=0 gid=0
> nslcd: [8b4567] DEBUG:
> nslcd_pam_sess_c("cwhite","sshd",12345)
> nslcd: [7b23c6] DEBUG: connection from pid=22634 uid=0 gid=0
> nslcd: [7b23c6] DEBUG:
> myldap_search(base="dc=ttinet,dc=local",
> filter="(&(objectClass=ipHost)(ipHostNumber=10.x.x.x))")
> nslcd: [3c9869] DEBUG: connection from pid=22634 uid=0 gid=0
> nslcd: [3c9869] DEBUG:
> myldap_search(base="dc=ttinet,dc=local",
> filter="(&(objectClass=shadowAccount)(uid=cwhite))")
> nslcd: [334873] DEBUG: connection from pid=22634 uid=0 gid=0
> nslcd: [334873] DEBUG:
> nslcd_pam_sess_o("cwhite","sshd","ssh","10.x.x.x","")
>
> the only ip address it seemed to log was the origination ip address (my
> workstation) which I replaced with 10.x.x.x
The host=10.x.x.x lookup is just the reverse hostname lookup that sshd
does on every connection (it doesn't have anything to do with
pam_authz_search). sshd doesn't ask for authentication (I'm assuming you
do key-based authentication here) and skips authorisation (account)
altogether.
If changing /etc/nsswitch.conf or fixing your PAM stack doesn't help,
can you send output of nslcd -d without nscd (or unscd) running?
--
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/992737
Title:
Ineffective pam_authz_search filter
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/992737/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 992737] Re: Ineffective pam_authz_search filter
Sadly, I have no idea how to close bugs on Launchpad but I'm glad it's fixed. In case you're interested if shadow information is exposed pam_unix will check that information as well. Since 0.8.4 nslcd will ensure that correct data is returned to pam_unix whether shadow information is exposed or not. Also, since 0.8.3 nslcd will check the shadow properties if they are present in LDAP even if shadow information isn't exposed through nsswitch. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/992737 Title: Ineffective pam_authz_search filter To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/992737/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1029062] Re: nslcd upgrade breaks existing nslcd.conf
This has been fixed in development and an upcoming 0.8.10-2 release is expected to fix this. Note that with 0.8.5 or newer the workaround would be to place the empty "base" before the other "base " entries. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1029062 Title: nslcd upgrade breaks existing nslcd.conf To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1029062/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1029656] Re: nslcd does not start on boot everytime
The libgcrypt problem is a known one without a known solution so far. Some background information is here: http://bugs.debian.org/643948 https://bugzilla.redhat.com/506796 It seems to be a bug in either libgcrypt or OpenLDAP (I don't have time to dig into this at the moment though). ** Bug watch added: Debian Bug tracker #643948 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=643948 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1029656 Title: nslcd does not start on boot everytime To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1029656/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
Hi, I've had a quick look at the patch (Patch rev5) but there are a few
problems/questions for inclusion into Debian:
- Debian is currently preparing for the next stable release and as such I don't
think I will upload this change to Debian unstable any time soon as it could
interfere with getting other changes into wheezy.
- Debian doesn't install upstart by default so I don't want to drop the init
script just yet. Do you know how upstart behaves if an init script is also
present? For being included into Debian it should support both init systems
side-by-side.
A few points regarding the patch:
- In nslcd.if-up flock seems to be missing a -c option (I assume the start
command is part of upstart).
- What is the reason for adding the recommendation on
libsasl2-modules-gssapi-mit | libsasl2-modules-gssapi-heimdal? What extra
functionality does it provide to nslcd?
- The post-start script of nslcd checks /etc/init.d/nscd but runs
/usr/sbin/nscd. Invalidating nscd can be a good idea but the script should
check /usr/sbin/nscd (unscd ships a different init script but supports the nscd
command interface).
- The post-stop script stops nscd which it shouldn't do IMO.
- The post-stop script has a debugging date command left over.
- The nslcd.if-up script doesn't support environments without upstart.
- In nslcd.nslcd-k5start.upstart NSLCD_STATEDIR is created before parsing
/etc/default/nslcd.
- In nslcd.nslcd-k5start.upstart there is a section script. Isn't a pre-start
or start missing?
- It seems debian/rules tries to install a nslcd-kerberos.upstart script but it
is named nslcd-k5start.
- debian/rules calls dh_installinit with the --upstart-only option which isn't
supported in Debian.
- Passing --noscripts to dh_installinit makes that nslcd is not restarted on
upgrades.
- I'm not sure the post-start script in nslcd-k5start works correctly if
k5start shouldn't be started ("$K5START_START" != "yes").
(aesthetic point but the scripts use tabs, please only use them in Makefiles)
I've only done a visual inspection of the patch and ran a build but
haven't run any further tests. I also don't have a system with upstart
handy at the moment.
(I did fix the typo in the development repository so that will go into
the next upload)
Thanks for your work on implementing this.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/806761
Title:
Feature Request: Upstart scripts for nslcd
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1000205] Re: Upgrade from 10.04 to 12.04 server brakes configuration of nslcd
On Sun, 2012-07-01 at 05:29 +, William Van Hevelingen wrote: > If you prepare a patch you'll want to attach additional SRU > information to the bug ticket for this to go into Precise. Ok, here is my best shot at this. [IMPACT] This bug affects people who use a mix of debconf and manual configuration of the nslcd.conf file or possibly people who are upgrading from an earlier release that does not include the ldap-auth-type debconf configuration setting (there could be more cases). This breaks LDAP authentication on upgrades quietly removing LDAP users from the system and will break it again if the package is upgraded/reinstalled. [TESTCASE] The easiest way to trigger the underlying bug is to use debconf to configure no authentication, then change the config by hand with the binddn and bindpw options and then reinstall or upgrade. apt-get purge nslcd apt-get install libnss-ldapd nslcd [with debconf choose no authentication] [edit /etc/nslcd.conf and set binddn and bindpw] [restart nslcd and verify that getent passwd returns LDAP users] apt-get --reinstall install nslcd You need an LDAP server to test this obviously. [Regression Potential] This fix was in Debian unstable (#670133, fixed in 0.8.8-1) and has not seen any regressions so far. The change could have an affect for debconf preseeding which is quite complex to do right. Preconfiguring nslcd is much simpler when pre-installing an nslcd.conf file (which will be preserved on installation) although debconf preseeding should work for most configurations. [Other Info] While the attached patch fixes this bug it is probably a much better idea to ship 0.8.10 which is targeted towards the next Debian stable release. It is much better tested and fixes a number of known bugs in de 0.8.4 version which was never meant for production use. An overview of the most important packaging changes from 0.8.4 to 0.8.10: * consistently handle whitespace in configuration file during package configuration (thanks Nick) (closes: #641619) * add a versioned dependency on libpam0g to ensure the PAM libraries are multiarch-aware * in debconf, treat the "hard" value for tls_reqcert as if it was "demand" (closes: #642347) * keep nslcd running during package upgrades (closes: #644892) * enable hardening options during build * automatically comment out mapping of uniqueMember to member on upgrades because member is default now * update the X-Start-Before header in the init script to ensure that nslcd is started before the display managers * use the configuration file contents to determine the authentication type, not the debconf database (closes: #670133) (LP: #1000205) * don't clear the tls_reqcert option when using ssl without the start_tls option or an ldaps:// URL (closes: #672301) An overview of the most important upstream changes from 0.8.4 to 0.8.10: * support larger gecos values (closes: #640781) * reduce loglevel of user not found messages to avoid spamming the logs with useless information (thanks Wakko Warner) (closes: #641820) * fix an issue where changes in /etc/nsswitch.conf were not correctly picked up and could lead to lookups being disabled on upgrade (closes: #645599) * provide more detailed logging information for LDAP errors, this should especially help for TLS related problems (based on a patch by Mel Flynn) * fix logging of invalid pam_authz_search value (LP: #951343) * when doing DNS queries for SRV records recognise default ldap and ldaps ports (closes: #661955) * try to prevent some of the Broken pipe messages in nslcd * increase buffer used for pam_authz_search as suggested by Chris J Arges * fix a problem in the handling of PAM requests in nslcd (closes: #670419) * fix a problem that causes the PAM module to prompt for a new password even though the old one was wrong * log successful password change in nslcd Hope this helps. -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- ** Patch added: "nss-pam-ldapd-fix-debconf-authentication-0.8.4.patch" https://bugs.launchpad.net/bugs/1000205/+attachment/3211273/+files/nss-pam-ldapd-fix-debconf-authentication-0.8.4.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1000205 Title: Upgrade from 10.04 to 12.04 server brakes configuration of nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1000205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1015375] Re: package cvsd 1.0.22 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
>From the logs it seems that you aborted configuration of cvsd which means that cvsd remains unconfigured and installation cannot continue. At this point dpkg aborts the installation. This doesn't seem like a bug to me but expected functionality. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1015375 Title: package cvsd 1.0.22 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cvsd/+bug/1015375/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 917208] Re: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded)
The _nss_ldap_enablelookups undefined symbol is to be expected when using nslcd with the old nss_ldap. nslcd does not do anything useful when using libnss-ldap, only with libnss-ldapd. For the not working group lookups it would be helpful to have some of the output from getent group, information on how the LDAP database is structured, the nslcd.conf file and perhaps output of nslcd -d while performing a group lookup. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/917208 Title: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/917208/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 893806] Re: postinst fails due to sh fat finger
I cannot find the || /bin/true code near adduser in either the Debian packages or the Ubuntu ones. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/893806 Title: postinst fails due to sh fat finger To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/893806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 893806] Re: postinst fails due to sh fat finger
If I download the binary package from http://nl.archive.ubuntu.com/ubuntu/pool/universe/n/nss-pam-ldapd/nslcd_0.7.13_amd64.deb the postinst file doesn't contain || /bin/true. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/893806 Title: postinst fails due to sh fat finger To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/893806/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1000205] Re: Upgrade from 10.04 to 12.04 server brakes configuration of nslcd
There recently were a few bugs regarding upgrades (some fixed) in Debian, see: http://bugs.debian.org/670133 http://bugs.debian.org/672301 Perhaps this is a duplicate of one of these bugs? It would be helpful if you could post versions of nslcd before and after the upgrade and the contents of nslcd.conf. ** Bug watch added: Debian Bug tracker #670133 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670133 ** Bug watch added: Debian Bug tracker #672301 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=672301 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1000205 Title: Upgrade from 10.04 to 12.04 server brakes configuration of nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1000205/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
I have been looking at trying to integrate the patch but I still don't have a really good feeling about this whole upstart thing and I don't really have a proper way to test this. For example I still don't really understand why the whole thing with the if-up file is required. It seems like a very ugly hack and slows down boot-up by enforcing serial initialisation of network interfaces. Wouldn't something like this work: start on runlevel [2345] and net-device-added INTERFACE!=lo (or some other condition which just means that networking is available) I still can't seem to wrap my mind around how upstart is supposed to work given the examples I've seen though. For example, in Debian there is a file /etc/init/networking.conf which seems to automatically bring down networking if all remote filesystems are unmounted. For the relation between the nslcd and the nslcd-k5start services, wouldn't it be a nicer solution to only emit an event (for example from the nslcd service configuration) when the nslcd-k5start service is really needed? That way upstart wouldn't try to start it if it isn't needed. Do you know how the dependency information that is available in the init script can be modelled in upstart? For example nslcd should be running before most mail servers because otherwise mail could bounce. Also, a nicer solution to the wait until the cache is actually established loop is a trick I've seen in some other upstart script: only define an pre-start script that starts the service and no bare script or exec. The nslcd upstart job clears the nscd cache. Why is this needed exactly? It is probably better to avoid /etc/deftault/nslcd altogether for the upstart config and put everything in the upstart config file. It should probably also be OK to hard-code the nslcd user and group names instead of getting it from the configuration. The call to dh_installinit --name=nslcd-k5start in debian/rules causes a lintian error and a warning. Just installing the file in debian/nslcd.conffile (nslcd.nslcd-k5start.upstart /etc/init/nslcd- k5start.conf) works better. An alternative would be to either also split the init scripts or to combine the upstart configurations. All in all, I think it is better to have a change like this first uploaded and tested in Ubuntu before I add it to the Debian packages. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 917208] Re: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded)
You mean you are using libnss-ldap and libpam-ldapd together? It should work fine I guess but isn't a very common configuration (at least to my knowledge). The warning is just that: a warning. It warns for something that usually doesn't happen. It can be safely ignored if you are knowingly not using nslcd with libnss-ldapd. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/917208 Title: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/917208/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1074213] Re: nslcd ldap_result failed error spam in syslog
Just to be clear: nslcd is not a replacement for nscd. It does not do caching. The "Can't contact LDAP server" messages can happen when an existing connection to the LDAP server is terminated for some reason. One common cause for this is networking timeouts in a firewall or a idle timeout in the LDAP server. Using idle_timeout is a good approach to close the connection cleanly before it times out. Debian bug #483795 is about another message that was logged when (re)connecting to the LDAP server (the "connected to LDAP server" messages). These messages should now only be logged when the previous connection failed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1074213 Title: nslcd ldap_result failed error spam in syslog To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1074213/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1020303] Re: nslcd drops supplemental groups when dropping privileges
This was changes in 0.8.11 which was uploaded as 0.8.11-1 to Debian experimental (in experimental mostly to avoid problems for the upcoming Debian stable release). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1020303 Title: nslcd drops supplemental groups when dropping privileges To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1020303/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 806761] Re: Feature Request: Upstart scripts for nslcd
I've been looking into integrating the patch into Debian. The spelling fix was easy so that will be done with the next upload ;) However, I have a few questions about the upstart scripts: - Why was the init script dropped? Isn't it better to keep both so that systems without upstart can still start nslcd? - Why was the script split into two parts? - Are you sure the upstart script should exit with status 1 if it is not cofigured to start (sasl_mech isn't set in nslcd.conf)? - Why are both scripts logging to /tmp with a predictable name? - A lot of checks are duplicated in the pre-start script and the script. Isn't there a nicer way of avoiding this duplication? Can you explain what the extra suggestions add (I'm not much of a Kerberos user myself)? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/806761 Title: Feature Request: Upstart scripts for nslcd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 917208] Re: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded)
If you mean whether the memberOf attribute will be supported in nss-pam- ldapd the answer is when someone provides a patch ;) Adding support is a bit tricky, especially for reverse lookups and doesn't add much if you're already using the uniqueMember attribute (which you appear to do). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/917208 Title: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/917208/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 940092] Re: package nslcd 0.7.13 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1
>From your DpkgTerminalLog it seems that you chose Cancel when prompted for the LDAP server URI. This means that the configuration of the package is aborted which means it cannot be installed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/940092 Title: package nslcd 0.7.13 failed to install/upgrade: subprocess installed post-installation script returned error exit status 1 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/940092/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 917208] Re: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded)
You mean that the group members are missing? You probably need map group member uniqueMember since in the 0.8 series the default has been changed to use the member attribute instead of the uniqueMember attribute. Note that nss-pam-ldapd doesn't currently support the memberOf attribute (which seems to be introduced by an overlay sometimes). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/917208 Title: nslcd: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/917208/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 801675] Re: cvsd: no such system user -- missing library in chroot jail?
Can you try cvsd-buildroot from cvsd 1.0.22? If that doesn't help please include the output of cvsd-buginfo. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/801675 Title: cvsd: no such system user -- missing library in chroot jail? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cvsd/+bug/801675/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 801675] Re: cvsd: no such system user -- missing library in chroot jail?
Could you provide the output of the following: find /etc/ld.so.conf* -type f | xargs cat | grep '^/' On my system it includes the /lib/*-linux-gnu directory. This is what cvsd-buildroot uses (from 1.0.22). If anyone with more multiarch know-how then myself could provide a better way to do this than to search /lib/*-*-*/libnss_compat.so.2 it would be nice. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/801675 Title: cvsd: no such system user -- missing library in chroot jail? To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/cvsd/+bug/801675/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 841660] Re: nslcd complains about / in groupnames
** Package changed: nss-ldapd (Ubuntu) => nss-pam-ldapd (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/841660 Title: nslcd complains about / in groupnames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/841660/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 841660] Re: nslcd complains about / in groupnames
nss-pam-ldapd has reasonably strict checking of user and group names to avoid problematic users existing by accident on the system. Version 0.8.2 introduces the validnames option that allows you to set a regular expression that will be used to filter valid names. Note that nslcd is completely separate from nscd. libnss-ldapd requires nslcd and recommends nscd to ease the load on the LDAP server. libnss- ldap doesn't use nslcd and also recommends nscd for the same reason. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/841660 Title: nslcd complains about / in groupnames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/841660/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 841660] Re: nslcd complains about / in groupnames
On Tue, 2011-09-06 at 06:23 +, Klavs Klavsen wrote: > The version in Ubuntu Lucid is unfortunately 0.7.2 - so the very welcome > validnames option in v0.8.2 is really not helpful, as I can only run LTS > versions in my production environment. > > Would you welcome a patch against the 0.7.2 package, which added the > validnames option ? I'm not responsible for the Ubuntu package (I'm upstream) so can't comment on that part but the implementation of the validnames option in the 0.8 series is here: http://arthurdejong.org/viewvc/nss-pam-ldapd/?revision=1411&view=revision with another small change here: http://arthurdejong.org/viewvc/nss-pam-ldapd/?revision=1419&view=revision Another option would be to just allow the slash in nslcd/common.c. If Ubuntu is considering updating this package in their LTS release anyway it may also be a good idea to look at all the other things that have been fixed in the 0.7 series. Quite a few bugs were fixed and Debian ships 0.7.13 in stable which is much better tested than 0.7.2. Thanks, -- -- arthur - adej...@debian.org - http://people.debian.org/~adejong -- -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/841660 Title: nslcd complains about / in groupnames To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/841660/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622035] Re: cvsd can not runing
Could you include the output of "cvsd -d" (as root)? It seems that cvsd thinks that port 2401 is already bound. Can you also report the output of "sysctl net.ipv6.bindv6only" (as root)? If you are not using IPv6 you could change the bind statement in cvsd.conf to "Listen 0.0.0.0 2401" to force the use of IPv4 only. Also a patch is available here: http://arthurdejong.org/viewvc/cvsd/cvsd.c?r1=1.117&r2=1.118 that should also fix this. -- cvsd can not runing https://bugs.launchpad.net/bugs/622035 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo
Regarding the pam_check_host_attr and pam_check_service_attr options of pam_ldap, nslcd has a pam_authz_search option that can replace functionality of those options (and much more). This option has been in nss-pam-ldapd since version 0.7.4. Any other feature requests (and bug reports) are very much welcome on the nss-pam-ldapd-users mailing list. Regarding the previous comment, could you file a bug report on the nss- pam-ldapd package if you think the problem is there? From the log it shows that only three lookups for the user "user333" came in. No authentication requests were done for that user (at least not through nslcd). -- NSS using LDAP+SSL breaks setuid applications like su and sudo https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 585966] Re: nslcd doesn't failover to backup server on authentication (bind)
If Ubuntu wants to address this issue I can probably assist in backporting this fix to 0.7.2 if that is needed. -- nslcd doesn't failover to backup server on authentication (bind) https://bugs.launchpad.net/bugs/585966 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 622035] Re: cvsd can not runing
If cvsd fails to start it should log the reason to syslog (check /var/log/syslog). Also cvsd has a script included (cvsd-buginfo) that gathers all needed information for most bug reports and checks for common misconfigurations. Can you check /var/log/syslog and provide the output of cvsd-buginfo? -- cvsd can not runing https://bugs.launchpad.net/bugs/622035 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
