Package: libnss-ldap
Version: 238-1
Severity: grave
Justification: renders package unusable

Hi!

When I configure a CA directory with the "tls_cacertdir" configuration
option in the /etc/libnss.conf file, NSS querying (for example "finger
mitar") takes a very long time (about 20 seconds per query). With only a
CA file in both /etc/libnss.conf and /etc/ldap/ldap.conf it is normally fast.

Other LDAP programs (ldapsearch) verify the CA directory without delay. I
noticed this delay only with libnss-ldap (and libpam-ldap, but I have not
worked on that yet, so I am not sure that it is the same cause).

I have only the default Debian CA certificates (ca-certificates) and one
local self-signed certificate for the LDAP server.

I also checked with the current unstable package (251-7) and it is the same.


Mitar

Relevant options in /etc/nsswitch.conf:

passwd:         files ldap
group:          files
shadow:         files

All options in /etc/libnss.conf:

host 127.0.0.1:636
base dc=druga,dc=org
uri ldaps://127.0.0.1:636/
ldap_version 3
port 636
bind_policy hard
pam_login_attribute uid
pam_password exop
nss_base_passwd ou=People,dc=druga,dc=org
ssl on
tls_checkpeer yes
tls_cacertfile /etc/ssl/certs/ca-certificates.crt
tls_cacertdir /etc/ssl/certs
tls_ciphers HIGH:!SSLv2

All options in /etc/ldap/ldap.conf:

BASE    dc=druga,dc=org
URI     ldaps://127.0.0.1:636/
HOST    127.0.0.1:636
PORT    636
TLS_CACERT      /etc/ssl/certs/ca-certificates.crt
TLS_CACERTDIR   /etc/ssl/certs
TLS_REQCERT     demand

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.17-usura
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libnss-ldap depends on:
ii  debconf               1.4.30.13          Debian configuration management sy
ii  libc6                 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an
ii  libkrb53              1.3.6-2sarge3      MIT Kerberos runtime libraries
ii  libldap2              2.1.30-8           OpenLDAP libraries

-- debconf information excluded

