On Fri, Sep 24, 2010 at 16:46:25 -, Nathan Stratton Treadway wrote:
> As greenmoss found, when I was running with libpam/nss-ldap and
> no nscd (and didn't have any of the users in question listed in
> the "ignoreusers" line), my "at" commands worked for LDAP users
> but not for ones defined in
On Wed, Sep 22, 2010 at 22:26:31 -, greenmoss wrote:
> My bug 509734 was marked as a duplicate of this one. This was a special
> case using the atd job scheduler. At jobs launched by ldap users worked,
> but at jobs launched by root did *not* work. atd was doing a group
> lookup, and nss was dr
My bug 509734 was marked as a duplicate of this one. This was a special
case using the atd job scheduler. At jobs launched by ldap users worked,
but at jobs launched by root did *not* work. atd was doing a group
lookup, and nss was dropping privileges, thus breaking root-launched at
jobs. To work a
We had the same problem over here - upgrading from Debian Lenny to Testing...
The problem is caused by a change in the configuration files, which have
apparently changed in the different versions of openldap. Reinstall ldap to get
the original configuration files. /etc/ldap.conf seems to be the n
Regarding the pam_check_host_attr and pam_check_service_attr options of
pam_ldap, nslcd has a pam_authz_search option that can replace
functionality of those options (and much more). This option has been in
nss-pam-ldapd since version 0.7.4.
Any other feature requests (and bug reports) are very mu
nslcd is a fail on lucid for me. Trying to start from upstart fails.
Running it by hand in debug mode works but when trying to su from one
LDAP user to another it again fails:
# service nslcd start
* Starting LDAP connection daemon nslcd nslcd: unable to daemonize: No
such device
See
same here (like comment #92). I can su to any local user not just root.
Trying to su to any LDAP user results in 'su[***]: initgroups failed for
user `atest': Operation not permitted'
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You rece
Googlebait: This also breaks apache2 suexec, as initgroups() fails,
resulting in the error "failed to setgid".
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Bugs, which
I have the same symptoms on Lucid:
With nscd I can at least su to root but not to any other LDAP user
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subsc
I was a bit disheartened to see this is an actual bug - be it because of
X package or not, of the two workstations at my desk, the fedora13 box
has no problems (and uses nscd) and the ubuntu one does.
Reading here, I saw the libnss-ldapd suggestion, tried it, worked fine.
Regarding Hark's comment
I'm sorry, my previous comment didn't hold up to scrutiny. A reboot
seems to have gotten rid of those errors
The GUI authentication dialogue is asking for the root password rather
than the password of the logged in user. Does anyone know if this is
the intended behavior?
--
NSS using LDAP+
My experience with libnss-ldap is that nscd allows sudo but not su.
Also the GUI authentication doesn't work.
I just got around to testing libnss-ldapd and I can verify that both sudo and
su work there.
Ubuntu's gui authentication process does not work though. When you try
to perform a privile
Also confirming that installing nscd was successful as a workaround for
me. Also worth noting that my symptoms of this issue matched those
explained above. This is on a fresh 10.04 install.
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
Yo
For me both workarounds in the release notes aren't very usable, unfortunately.
I can't use libnss-ldapd as the pam_check_host_attr and pam_check_service_attr
options in libnss-ldap are essential for me, but as Ian Gordon wrote
libnss-ldapd doesn't support these.
The other solution (nscd) is usa
** Tags added: patch
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https
http://www.openldap.org/devel/cvsweb.cgi/~checkout~/contrib/slapd-
modules/nssov/README?rev=1.11
It's an overlay for OpenLDAP slapd which implements all of the nss and
pam calls, replacing Arthur deJong's nslcd.
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launc
Could you provide a link to explanation of what nssov is and maybe how
to use it?
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
That's unfortunate, I didn't realize libpam-ldapd was so incomplete. You
can still use nssov for full pam support.
Your best option for an immediate fix is still the libgcrypt patch I
posted. Without that basically all Karmic and Lucid nss-ldap+SSL
installations are dead in the water. As a longer
This bug also affects new installations.
Installing nscd does not fully fix the problem as it leaves su unable to
su from an ldap user to another ldap user and a local user unable to su
to an ldap user. Error is "setgid: Operation not permitted"
libpam-ldapd/libnss-ldapd does not support all the
** Changed in: libgcrypt11 (Debian)
Status: Unknown => Confirmed
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-b
** Bug watch added: Debian Bug tracker #566351
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566351
** Also affects: libgcrypt11 (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566351
Importance: Unknown
Status: Unknown
--
NSS using LDAP+SSL breaks setuid applica
I don't see that this requires any changes to the release notes text,
though.
** Changed in: ubuntu-release-notes
Status: Confirmed => Fix Released
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification b
This bug was introduced in karmic, so upgrade from karmic to lucid shouldn't be
affected.
But for instance all upgrades from last LTS release (not only Ubuntu Server)
will get affected.
** Changed in: ubuntu-release-notes
Status: Fix Released => Confirmed
--
NSS using LDAP+SSL breaks se
Updated text with:
== NSS resolution breaks with LDAP over SSL in Ubuntu Server ==
Upgrading systems configured to use LDAP via SSL as the first service in
the NSS stack (in /etc/nsswitch.conf) leads to broken NSS resolution
afterwards such that `setuid` applications like `sudo` would stop
workin
Please use the Release note from the description instead of the one in
comment 66.
** Changed in: ubuntu-release-notes
Status: Fix Released => Confirmed
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notificat
Added this text to the release notes:
== NSS resolution breaks with LDAP over SSL in Ubuntu Server ==
Upgrading systems configured to use LDAP via SSL as the first service in
the NSS stack (in /etc/nsswitch.conf) leads to broken NSS resolution
afterwards such that applications like sudo would sto
** Tags added: regression-release
** Changed in: libgcrypt11 (Ubuntu Lucid)
Milestone: None => lucid-updates
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a member of Ubuntu
Bugs, wh
The nscd workaround does work for me under Lucid.
I haven't had a problem using nscd under 9.10 either, though my systems have
very light traffic.
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because
** Description changed:
On Karmic (alpha 4 plus updates), changing the nsswitch.conf 'passwd'
field to anything with 'ldap' as the first item breaks the ability to
become root using 'su' and 'sudo' as anyone but root.
Default nsswitch.conf:
passwd: compat
group:
** Summary changed:
- NSS using LDAP on Karmic breaks 'su' and 'sudo'
+ NSS using LDAP+SSL breaks setuid applications like su and sudo
--
NSS using LDAP+SSL breaks setuid applications like su and sudo
https://bugs.launchpad.net/bugs/423252
You received this bug notification because you are a mem
30 matches
Mail list logo
