| View previous topic :: View next topic |
| Author |
Message |
loux.thefuture
Tux's lil' helper
Joined: 15 Nov 2005
Posts: 135
|
 Posted: Sat May 27, 2006 6:10 pm Post subject: [solved] nsswitch.conf ldap nss_ldap-249 |
 |
|
Hello,
everything were good
but today i have a problem with nss_ldap (i emerge nss_ldap-249)
when i shutdown slapd
i'm not able to do "su ldap" anymore,
my nsswitch.conf is : xxx compact ldap
and ldap is in my /etc/passwd file
but nss_ldap try to bind 4 seconds, 8 seconds, ...
i found that nss_ldap-249 has a trouble with it
so i emerge nss_ldap-239-r1 and everything goes right
so make be careful with nss_ldap-249
loux
_________________
"So long and thanks for all the fishs !" |
|
| Back to top |
|
 |
c0vert
Guru
Joined: 27 Aug 2004
Posts: 355
|
| Posted: Sun May 28, 2006 12:40 am Post subject: |
|
|
hmm, I had the same problem. THanks
_________________
AMD 64 3000+
1 Gig Corsair DRR400 RAM
ATI RAdeon 9800 Pro
KN8E-deluxe
SATA 120 Gig Seagate |
|
| Back to top |
|
|
jayjay
n00b
Joined: 18 Jun 2003
Posts: 34
Location: Germany
|
| Posted: Sun May 28, 2006 8:36 pm Post subject: |
|
|
Damn,
took me a lot of time this afternoon to find out!
I did an "emerge -e world" last night and after
that ldap was broken.
sys-auth/nss_ldap-249 is broken.
Cheers JJ |
|
| Back to top |
|
|
robbat2
Developer
Joined: 19 Feb 2003
Posts: 82
|
| Posted: Mon May 29, 2006 12:03 am Post subject: |
|
|
Would each of you please file seperate bugs, assigned straight to ldap-bugs@gentoo.org?
Also, consider bug #134473.
249 works for me, and at least one other user (once he changed his configuration).
Include:
1. The uncommented lines from /etc/ldap.conf
2. emerge --info
3. Uncommented lines from: /etc/ssh/sshd_config
4. Uncommented lines from: /etc/pam.d/system-auth
5. Uncommented lines from: /etc/nsswitch.conf
Using the data from ldap.conf, construct your version of this, and show me the command and the output
| Code: | | ldapsearch -v -x -b ${nss_base_passwd} -s one -h ${host} uid=${username} |
OR
| Code: | | ldapsearch -v -x -b ${nss_base_passwd} -s one -H ${uri} uid=${username} |
Use the first variant if you use a 'host' line in ldap.conf, and the second one if you use 'uri'. |
|
| Back to top |
|
|
Hagar
Guru
Joined: 11 Feb 2003
Posts: 445
|
| Posted: Tue May 30, 2006 10:59 pm Post subject: |
|
|
I've experienced the same behaviour back when 249 was introduced to ~amd64.
At the time I didn't feel like diving into it so I masked it and kept using 239.
But now the 250 release bit me again and I started to look around for some information.
I'll post some details to the bugreport that brought me here tomorrow ( https://bugs.gentoo.org/show_bug.cgi?id=134966 )
But I do want to share one thing:
| Code: | # genlop -t nss_ldap
* sys-auth/nss_ldap
Mon Jul 25 17:11:10 2005 >>> sys-auth/nss_ldap-239-r1
merge time: 1 minute and 49 seconds.
Mon Jul 25 21:11:57 2005 >>> sys-auth/nss_ldap-239-r1
merge time: 1 minute and 34 seconds.
Sat Feb 25 15:39:09 2006 >>> sys-auth/nss_ldap-249
merge time: 39 minutes and 31 seconds.
Sun Feb 26 12:23:19 2006 >>> sys-auth/nss_ldap-239-r1
merge time: 1 minute and 44 seconds.
Tue May 30 18:33:27 2006 >>> sys-auth/nss_ldap-250
merge time: 40 minutes and 58 seconds. |
Howcome the releases after 239 have such ridiculous high merge times?
Edit: Ok that last question answered itself after merging nss_ldap with the debug flag.
It seems it tries to bind to the ldap server before merging. |
|
| Back to top |
|
|
robbat2
Developer
Joined: 19 Feb 2003
Posts: 82
|
|
| Back to top |
|
|
loux.thefuture
Tux's lil' helper
Joined: 15 Nov 2005
Posts: 135
|
| Posted: Fri Jun 02, 2006 9:11 pm Post subject: |
|
|
Hello,
the lines in /etc/ldap.conf for ssl are :
ssl start_tls
ssl on
is it good ?
loux
PS : why disabling it resolve the trouble ?
_________________
"So long and thanks for all the fishs !" |
|
| Back to top |
|
|
robbat2
Developer
Joined: 19 Feb 2003
Posts: 82
|
| Posted: Fri Jun 02, 2006 9:59 pm Post subject: |
|
|
remove 'ssl on'
and leave only 'ssl start_tls' |
|
| Back to top |
|
|
|
Networking & Security
