Comment 0 for bug 315241

In , Moritz Bunkus (moritz-bunkus) wrote : libnss-ldap: "getent ethers" lookup for MAC address results in wrong LDAP query

Package: libnss-ldap
Version: 238-1
Severity: normal

I'm starting to migrate /etc/ethers into LDAP. I've added the following entry:

# mosu, ethers, bs.linet-services.de
dn: cn=mosu,ou=ethers,dc=bs,dc=linet-services,dc=de
cn: mosu
macAddress: 00:04:75:AD:B5:8E
objectClass: device
objectClass: ieee802Device
objectClass: top

/etc/nsswitch.conf and /etc/libnss-ldap.conf have been modified to do
lookups via LDAP. And it does indeed work -- at least partially:

0 mbunkus@ls-bs-si2:~$ getent ethers mosu
0:4:75:ad:b5:8e mosu
0 mbunkus@ls-bs-si2:~$ getent ethers 0:4:75:ad:b5:8e
2 mbunkus@ls-bs-si2:~$

Looking at the traffic with tcpdump/Ethereal reveals that the second lookup
results in the wrong filter being used:

(&(objectclass=ieee802Device)(macAddress=68:f9:ff:bf:e0:bb))

Putting that entry into /etc/ethers and removing it from the LDAP makes
the second lookup work just fine. Therefore my guess is that libnss-ldap
is to blame (maybe not, but I certainly lack the insight to make that call).

I'll be happy to provide any additional information you might need.

Thanks,
Mosu

-- System Information:
Debian Release: 3.1
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: i386 (i686)
Kernel: Linux 2.4.28
Locale: LANG=C, LC_CTYPE=de_DE@euro (charmap=ISO-8859-15)

Versions of packages libnss-ldap depends on:
ii debconf 1.4.30.11 Debian configuration management sy
ii libc6 2.3.2.ds1-21 GNU C Library: Shared libraries an
ii libkrb53 1.3.5-1 MIT Kerberos runtime libraries
ii libldap2 2.1.30-3 OpenLDAP libraries

-- debconf information:
* libnss-ldap/dblogin: false
  libnss-ldap/override: true
* shared/ldapns/base-dn: ou=accounts,dc=bs,dc=linet-services,dc=de
* shared/ldapns/ldap-server: ls-bs-si1.bs.linet-services.de
* libnss-ldap/confperm: false
* shared/ldapns/ldap_version: 3
  libnss-ldap/binddn: cn=proxyuser,dc=example,dc=net
* libnss-ldap/nsswitch:
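
Added example, not part of the original report and not libnss-ldap code: a small check that compares the macAddress value in a captured search filter with the address given to getent, octet by octet, so differences in zero padding or letter case do not hide or fake a mismatch. The function names parse_mac and filter_matches_request are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Parse "h:h:h:h:h:h" (1 or 2 hex digits per octet, either case) into 6 bytes.
 * Returns 0 on success, -1 on malformed input. */
int parse_mac(const char *s, unsigned char out[6])
{
    for (int i = 0; i < 6; i++) {
        unsigned v = 0;
        int digits = 0;
        while (digits < 2 && isxdigit((unsigned char)*s)) {
            int c = tolower((unsigned char)*s++);
            v = v * 16 + (unsigned)(isdigit(c) ? c - '0' : c - 'a' + 10);
            digits++;
        }
        if (digits == 0 || *s != (i < 5 ? ':' : '\0')) return -1;
        if (i < 5) s++;                     /* step over the ':' separator */
        out[i] = (unsigned char)v;
    }
    return 0;
}

/* Compare the macAddress value inside a captured search filter with the
 * requested address. Returns 1 = same, 0 = different, -1 = unparsable input.
 * Assumption: the attribute is spelled "macAddress", as in the report's filter. */
int filter_matches_request(const char *requested, const char *filter)
{
    static const char key[] = "(macAddress=";
    unsigned char want[6], got[6];
    char value[18];                         /* "xx:xx:xx:xx:xx:xx" plus NUL */
    const char *p = strstr(filter, key);
    if (p == NULL || parse_mac(requested, want) != 0) return -1;
    p += sizeof key - 1;
    size_t n = strcspn(p, ")");             /* value ends at the closing paren */
    if (n >= sizeof value) return -1;
    memcpy(value, p, n);
    value[n] = '\0';
    if (parse_mac(value, got) != 0) return -1;
    return memcmp(want, got, 6) == 0;
}

int main(void)
{
    /* Filter copied from the capture in the report; prints 0 (different address). */
    const char *seen = "(&(objectclass=ieee802Device)(macAddress=68:f9:ff:bf:e0:bb))";
    printf("%d\n", filter_matches_request("0:4:75:ad:b5:8e", seen));
    return 0;
}
```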