Since 8.10 (Intrepid), the Ubuntu Server Guide section regarding LDAP authentication references the auth-client-config and libnss-ldap packages. However, following these instructions when using LDAP with TLS breaks various authentication functions in 9.10 (Karmic). After determining this issue still exists (nearly 7 months later) in the beta release of 10.04 (Lucid), I began looking for new workarounds. I found a package first available in Karmic, nslcd, which also installs libnss-ldapd, nscd, and several other dependencies. All of the latter packages exist in the 'universe' component. I removed the nscd package for testing purposes. Using the configuration provided in the opening post for this bug report, 'su' and 'sudo' now function properly. Although I'm still unsure as to the exact origin of this issue (e.g., eglibc, libnss-ldap, sudo, etc.), replacing libnss-ldap with libnss-ldapd probably provides the core of this workaround.
Since 8.10 (Intrepid), the Ubuntu Server Guide section regarding LDAP authentication references the auth-client-config and libnss-ldap packages. However, following these instructions when using LDAP with TLS breaks various authentication functions in 9.10 (Karmic). After determining this issue still exists (nearly 7 months later) in the beta release of 10.04 (Lucid), I began looking for new workarounds. I found a package first available in Karmic, nslcd, which also installs libnss-ldapd, nscd, and several other dependencies. All of the latter packages exist in the 'universe' component. I removed the nscd package for testing purposes. Using the configuration provided in the opening post for this bug report, 'su' and 'sudo' now function properly. Although I'm still unsure as to the exact origin of this issue (e.g., eglibc, libnss-ldap, sudo, etc.), replacing libnss-ldap with libnss-ldapd probably provides the core of this workaround.