| 2008-03-10 15:53:31 |
Sergei A. Beilin |
description |
Binary package hint: libnss-ldap
When using LDAP as a users/group storage and name service switch to get them from, one can notice that for some users their group information cannot be fetched. This could fail for both local-users and ldap-users, as well can be successfull for ldap-users.
$ id root
uid=0(root) gid=0(root)Aborted (core dumped)
As a normal user:
$ id avahi
uid=108(avahi) gid=118(avahi)Aborted (core dumped)
As root:
$ sudo id avahi
uid=108(avahi) gid=118(avahi)id: failed to get groups for user `avahi': No such file or directory
$ id toor
uid=1000(toor) gid=1000(A_Mathematics) groups=1000(A_Mathematics),4(adm),20(dialout),24(cdrom),25(floppy)
'toor' is the only 'local' user for wich the call succeeds! Note, in this example, that '1000(A_Mathematics)' is a group from LDAP, all others are from /etc/group.
'feisty' and 'gutsy' , as well as 'Debian 4.0' machines always resolve groups from the same LDAP server. Also tested on a LDAP server with only 2 users and 2 groups, always fails for Hardy and works for older versions.
This problem prevents most of local daemons (avahi, dbus, etc.) from start!
Workaround: disable ldap for groups in /etc/nsswitch.conf, so that users are resolved both from files and ldap while groups only from files.
libnss-ldap: 258-1ubuntu2
libc6: 2.7-5ubuntu2 |
Binary package hint: coreutils
When using LDAP as a users/group storage and name service switch to get them from, one can notice that for some users their group information cannot be fetched. This could fail for both local-users and ldap-users, as well can be successfull for ldap-users.
$ id root
uid=0(root) gid=0(root)Aborted (core dumped)
As a normal user:
$ id avahi
uid=108(avahi) gid=118(avahi)Aborted (core dumped)
As root:
$ sudo id avahi
uid=108(avahi) gid=118(avahi)id: failed to get groups for user `avahi': No such file or directory
$ id toor
uid=1000(toor) gid=1000(A_Mathematics) groups=1000(A_Mathematics),4(adm),20(dialout),24(cdrom),25(floppy)
'toor' is the only 'local' user for wich the call succeeds! Note, in this example, that '1000(A_Mathematics)' is a group from LDAP, all others are from /etc/group.
'feisty' and 'gutsy' , as well as 'Debian 4.0' machines always resolve groups from the same LDAP server. Also tested on a LDAP server with only 2 users and 2 groups, always fails for Hardy and works for older versions.
This problem prevents most of local daemons (avahi, dbus, etc.) from start!
Workaround: disable ldap for groups in /etc/nsswitch.conf, so that users are resolved both from files and ldap while groups only from files.
libnss-ldap: 258-1ubuntu2
libc6: 2.7-5ubuntu2 |
|
