[Cooker] Re: [CHRPM] nss_ldap-211-1mdk

Wed, 05 Nov 2003 03:26:16 -0800

On Wed, Nov 05, 2003 at 10:59:32AM +0100, Dominique Petitpierre wrote:
On 2-Nov-03 at 17:58, Luca Berra ([EMAIL PROTECTED]) wrote: 
it hasn't got a damn to do with cert7.db
it is related to: rfc2307bis support

-------------------- from README -----------------------------------
Compiling with -DRFC2307BIS adds rfc2307bis support, which at the
moment just gets you support for groups with distinguished name
members (instead of login names). A posixGroup can thus have the
both memberUid and uniqueMember attributes.


So it would mean it is either due to the version of the LDAP software
(in my case SunOne Directory Server 5.1, LDAP v3), or to the
particular schema used for posixGroup (defined in the default schemas
in DS 5.1).  The strange thing is that my ldap.conf does not contain a
rfc2307bis is a Sun addition

nss_base_group directive.  I also checked the LDAP server access log,
there is no activity related to posixGroup (only to
objectClass=posixAccount and objectClass=shadowAccount).  My strace
observations showed that the process would fail right after reading
ldap.conf, before any connection is established.  So maybe the

which version of ldap are you speaking about?
207 should exibit the problem only if it finds an
uniqueMember in the cn=...,ou=Group,dc=...,dc=..
211 would exibit the problem immediatly (independent of sslpath)

triggering factor was the directive "ldap_version 3" but Buchan
Milne's ldap.conf had that line as well as a nss_base_group directive
without exhibiting the problem.
So I am still inclined to think that "sslpath /etc/ssl/certs/cert7.db"
is what triggered the symptoms I observed with the old nss_ldap version.
looking at the source code it does not work this way....

_nss_ldap_parse_gr() contains code:
#ifndef RFC2307BIS
....
#else
...
vals = ldap_get_values (ld, e, AT (uniqueMember));
if (vals != NULL) {
....
stat = _nss_ldap_dn2uid (ld, *valiter, &uid, &buffer, &buflen);

And _nss_ldap_dn2uid()
calls
dn2uid_cache_put (dn, *uid);
which in turn calls
__cache = _nss_hash_open();
which calls
dbopen()


L.

--
Luca Berra -- [EMAIL PROTECTED]
       Communication Media & Services S.r.l.
/"\
\ /     ASCII RIBBON CAMPAIGN
 X        AGAINST HTML MAIL
/ \

Reply via email to