GDM login hangs when using ldap

*** Bug 21259 has been marked as a duplicate of this bug. ***

Thanks for your bug. I'm not sure of what could causes that and I've no ldap
setup to play with that. I've forwarded your issue upstream:
http://bugzilla.gnome.org/show_bug.cgi?id=315846

*** Bug 21548 has been marked as a duplicate of this bug. ***

The upstream bug has 2 comments, could one of you reply to the question asked,
it's not likely to be fixed without that ...

I had this same problem.

The only way I could fix it was to change the boot order. I moved it from 13 to
21 and that seemed to fix it. The downside is that it makes usplash useless as
it jumps out of usplash too quickly (while hotplug is still initializing).

I justed upgraded from Hoary to Breezy, and I am experiencing this problem on
one of my machines. My other machine is a powerpc and it seems to be working
fine in this regard. Unfortunately, I don't have another x86 to test this on.

Greg

Downgrading to hoary's gdm does not fix the problem for me. It is probably safe
to assume that the problem lies in another package or is due to misconfiguration.

Greg

I have just upgraded about half the office to breezy after the testing went
pretty well. I found this bug was still present, and I found that there is too
parts to it.

The first half is pretty well covered in the discussion here. The other half of
the problem is caused by poor packaging, see
https://launchpad.net/distros/ubuntu/+source/libnss-ldap/+bug/3688 for more info.

The end result is moving from hoary to breezy is a lot more time consuming than
it needs to be just because a common office environment config hasn't been tested.

I checked that making only one of the changes would fix the problem, but I found
both changes needed to be made in order for gdm to work. Obviously libnss-ldap
being fubar'd means logins won't work.

Console logins work fine when libnss-ldap is properly configured, so IMHO this
is a problem with when gdm is started

</rant>

I have an ldap server separate from the laptop where I'm having problems, the server is up at all times, the laptop hangs at GDM but console log-in still works.

I moved gdm down to S21gdm in /etc/rc2.d/ and the issue persists. My network is as follows:

[ROUTER] 192.168.1.1
   |
[Switch]--[LDAP-svr] 192.168.1.40
 |--[Laptop] DHCP
 |--[Desktop] 192.168.1.51

I have attached current configurations for pam and nss. There is a README in there to get you started . This should be quite enough to clone my setup.

If you need any more information add a comment. This should be enough information to work out an LDAP server/client auth.

Thank you for the work on that. Is there anybody with a ldap setup wanting to work with upstream on that?

I forgot to update this, but in dapper as of a few weeks ago this now seems to be fixed. In gnome 2.14 there seems to be some better error handling.

I will list some gotcha here for google to find and hopefully help others:

* you must use TLS/SSL or gdm will refuse to use ldap auth - double check that is using tls/ssl
* Double check your user permissions in ~/ - chmod go-wx ~/.dmrc and chmod go-x ~/ (minimum)

I also found it seems to be a little faster with nscd (in universe and little broken) and "files ldap" in my nsswitch instead of "ldap files" which I suspect because the queries are cached the system accounts/groups are not failing ldap lookup before being checked in files.

I still have a spare box I can throw breezy on if it will help, but I am pretty confident it is fixed in dapper.

Stian, John, could you try with dapper?

Ohh, I had totally forgot about this bug. As you can see in the upstream bugreport, I found a workaround for this bug. And now, with Dapper, I can't even reproduce it at all. So at least for me, this bug can be closed :) Sorry for not telling about it earlier.

No problem, closing as fixed. Feel free to reopen if you get the issue again