LDAP and AD connection problem with hardy
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| libnss-ldap (Ubuntu) | Triaged | Low | Unassigned | |
Bug Description
Binary package hint: libnss-ldap
Hello,
I have a strange problem after upgrading from gutsy to hardy. The user identification via LDAP Microsoft AD does not work anymore.
The /etc/ldap.conf and /etc/nsswitch.conf seem to be okay. "getent password" and "getent group" deliver the info from AD I expect.
"ssh" and "id" hang!
If I set "bind_policy soft" in /etc/ldap.conf, I get the following error:
#id user
id: result.c:112: ldap_result: Assertion `ld != ((void *)0)' failed.
uid=10039(user) gid=10147(
and in /var/log/auth.log I found the following:
Apr 28 16:04:36 hostname id: nss_ldap: could not search LDAP server - Server is unavailable
If I delete the "ldap" in /etc/nsswitch.conf from "group", there are no hangs or errors anymore, but I can only see the local groups.
Exactly the same config under gutsy (7.10) works great.
The problem occurs on a hardy upgrade and on a hardy fresh installation.
I compiled and installed openldap 2.4.8 and nss_ldap 260 on my own (with the options I found in the Ubuntu-
Thread in Ubuntu Forum:
http://
# lsb_release -rd
Description: Ubuntu 8.04
Release: 8.04
# apt-cache policy libnss-ldap
libnss-ldap:
Installed: 258-1ubuntu3
Candidate: 258-1ubuntu3
Version table:
*** 258-1ubuntu3 0
500 http://
100 /var/lib/
Changed in libnss-ldap (Ubuntu):
status: New → Triaged
importance: Undecided → Low
I had similar problems which seemed to be caused by 1 of the groups in AD not having a GID assigned.
Try assigning a GID to every group the user is a member of, and don't forget nested groups.
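
The check suggested in the comment above, as an added example (not part of the original thread or of libnss-ldap): it follows `memberOf` through an LDIF export, nested groups included, and lists the groups that have no GID. It assumes the GID is stored in `gidNumber` (pass `gid_attr` for another schema) and that the export is in the LDIF form `ldapsearch` prints; the function names and sample entries are constructed for illustration.

```python
import base64

# Constructed sample in ldapsearch LDIF form (not taken from the bug report).
SAMPLE_LDIF = """\
dn: CN=user,OU=People,DC=example,DC=com
memberOf: CN=staff,OU=Groups,DC=example,DC=com

dn: CN=staff,OU=Groups,DC=example,DC=com
gidNumber: 10147
memberOf: CN=all-staff,OU=Groups,DC=example,DC=com

dn: CN=all-staff,OU=Groups,DC=example,DC=com
memberOf: CN=staff,OU=Groups,DC=example,DC=com
"""

def parse_ldif(text):
    """Return {lowercased dn: {lowercased attr: [values]}}."""
    lines = []
    for line in text.splitlines():
        if line.startswith(" ") and lines:
            lines[-1] += line[1:]      # folded continuation line
        else:
            lines.append(line)
    entries, current = {}, None
    for line in lines:
        if not line.strip():
            current = None             # blank line ends an entry
        attr, sep, value = line.partition(":")
        if not sep or line.startswith("#"):
            continue
        if value.startswith(":"):      # "attr:: <base64>" (non-ASCII values)
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        value = value.strip()
        if attr.lower() == "dn":
            current = entries.setdefault(value.lower(), {})
        elif current is not None:
            current.setdefault(attr.lower(), []).append(value)
    return entries

def groups_missing_gid(entries, user_dn, gid_attr="gidNumber"):
    """Follow memberOf from user_dn; return sorted group DNs lacking gid_attr."""
    seen = set()
    stack = list(entries.get(user_dn.lower(), {}).get("memberof", []))
    while stack:
        dn = stack.pop().lower()
        if dn not in seen:             # AD allows circular group nesting
            seen.add(dn)
            stack.extend(entries.get(dn, {}).get("memberof", []))
    # A group absent from the export is reported too: its GID is unverified.
    return sorted(dn for dn in seen if gid_attr.lower() not in entries.get(dn, {}))
```

In AD, `memberOf` does not list the user's primary group, so check that group's GID separately.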