Ubuntu
libnss-ldap package

ldap not working with Gutsy

Bug #156562 reported by tuharsky on 2007-10-24

This bug report is a duplicate of: Bug #155947: libnss-ldap: calls to initgroups() causes boot to hang when using 'bind_policy hard'. Edit Remove

Affects		Status	Importance	Assigned to	Milestone
	libnss-ldap (Ubuntu)	New	Undecided	Unassigned

Bug Description

Binary package hint: libnss-ldap

I have installed libnss-ldap and related packages in order to authenticate against LDAP server.
During installation, I have been asked for server information, LDAP version etc.
However, this information has been placed NOWHERE in /etc. It seems that Ubuntu simply drops the information! It dosent set up ANY needed configuration for LDAP auth!
Strange, that there is /etc/ldap.conf both with /etc/ldap/ldap.conf (this one is not efective, all rows commented)

Then I managed all the needed files manually: /etc/ldap/ldap.conf, /etc/ldap/ldapserver, /etc/pam.d/login, /etc/pam.d/common-account, /etc/nsswitch.conf and so on. I did it the way that has WORKED with Feisty Fawn and Debian Etch before.

After reboot, system fails to boot. It stops on "Starting kernel log daemon" forever.

When I set passwd, group and shadow parameters in nsswitch.conf back to "compat", it starts normally, however when I set them to "compat ldap files", fails to boot again.

Revision history for this message

Sebastiaan Veldhuisen (sveldhuisen) wrote on 2007-10-24: Re: [Bug 156562] ldap not working with Gutsy

Ik ben afwezig tot maandag 5 november. U kunt zonodig contact opnemen met Dhr. M. Papenhove, <email address hidden> of Dhr E. Papenhove, <email address hidden>, tel. 0172-491416.

Met vriendelijke groet,
Sebastiaan Veldhuisen

Revision history for this message

tuharsky (tuharsky) wrote on 2007-10-24:

This is dupe of #155947

Revision history for this message

Sebastiaan Veldhuisen (sveldhuisen) wrote on 2007-10-24: Re: [Bug 156562] Re: ldap not working with Gutsy

Ik ben afwezig tot maandag 5 november. U kunt zonodig contact opnemen met Dhr. M. Papenhove, <email address hidden> of Dhr E. Papenhove, <email address hidden>, tel. 0172-491416.

Met vriendelijke groet,
Sebastiaan Veldhuisen

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2007-10-24:

libnss-ldap and libpam-ldap now use the unified configuration file /etc/ldap.conf. /etc/ldap.conf can be managed with the ldap-auth-config package and can be setup automatically by running:

dpkg-reconfigure -plow ldap-auth-config

Note that if ldap-auth-config detects a previous LDAP configuration you will be asked to migrate manually or to reconfigure through debconf.

Jamie Strandboge (jdstrand) on 2007-10-24

Changed in libnss-ldap:
assignee:	nobody → jamie-strandboge

Revision history for this message

Bill MacAllister (whm-stanford) wrote on 2008-01-15:

While it is correct that the reconfigure should get you a valid ldap.conf file it does not necessarily fix the problem. Specifically if the ldap server referenced in ldap.conf is the local system the boot will never complete. The only way that I was able to work around this problem was to reference a remote ldap server on the host line in ldap.conf. For example:

host 127.0.0.1 123.123.123.123

The one caveat to my examination of this problem is that the servers I was testing with were running a custom build of openldap that was started using a script in /etc/init.d. It might be possible to start the ldap server earlier in the boot process. I haven't investigated that yet.

Jamie Strandboge (jdstrand) on 2008-10-16

Changed in libnss-ldap:
assignee:	jdstrand → nobody

Revision history for this message

xteejx (xteejx-deactivatedaccount) wrote on 2009-06-25:

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 155947, so it is being marked as such. In future you can do this yourself by clicking "Mark as duplicate" at the top of the bug report and entering the duplicate number. Feel free to continue to report any other bugs you may find.