Package: libnss-ldap
Version: 251-7.1

A missing call to service DNS in /etc/nsswitch.conf makes the nsswitch
system unusable without error message, even if DNS is not really needed.

My /etc/libnss-ldap.conf is
----cut----
uri ldaps://10.76.195.82 ldaps://10.76.192.88
tls_checkpeer yes
tls_cacert /etc/ssl/certs/cacert.pem
ldap_version 3

bind_policy hard
nss_reconnect_maxconntries 2
nss_reconnect_sleeptime 2
nss_reconnect_maxsleeptime 10
nss_reconnect_tries 2

base dc=ibw,dc=forst,dc=uni-goettingen,dc=de
pam_filter objectclass=posixAccount
pam_min_uid 10000
nss_base_passwd ou=Leute,dc=ibw,dc=forst,dc=uni-goettingen,dc=de?one
nss_base_shadow ou=Leute,dc=ibw,dc=forst,dc=uni-goettingen,dc=de?one
nss_base_passwd ou=HostIds,dc=ibw,dc=forst,dc=uni-goettingen,dc=de?one
nss_base_group  ou=Gruppen,dc=ibw,dc=forst,dc=uni-goettingen,dc=de?one
nss_base_hosts ou=HostIds,dc=ibw,dc=forst,dc=uni-goettingen,dc=de?one
---cut---

My /etc/nsswitch.conf is
---cut---
passwd:         files  ldap
group:          files  ldap
shadow:         files  ldap

hosts:          files ldap
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis
---cut---

If I call 'getent passwd' I get only the contents of the local
/etc/passwd file and the process __hangs indefinitely__. There is no
error message in syslog.

I would expect an error message at least. A configuration without DNS
seems not unreasonable to me. In fact, the present server is a printer
server. Nobody would need connections to the worldwide net from
here. LDAP should cope with the local IP addresses and the addresses
of the LDAP servers are specified in numerical form anyway.

I found a workaround, after _long_ experimentation:

A line in /etc/nsswitch.conf reading

   hosts: files dns ldap

resolves the problem.

Even

   hosts: files

works.

So it is LDAP that needs DNS even with numerical URIs.


I am using Debian 4.0,
           kernel 2.6.18-3-486,
           libc-2.3.6.so,
           libldap-2.3.so.0.2.18, libldap_r.so.2.0.130, libldap.so.2.0.130

--
-------------------------------------------------------------------
Juergen Prenzel
Institut fuer Bodenkunde und Waldernaehrung
Buesgenweg 2
D-37077 Goettingen
Tel.: +49/551/39-12104  Fax: +49/551/39-3310  email: [EMAIL PROTECTED]
-------------------------------------------------------------------
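
An added example, not part of the original report or of libnss-ldap: a small Python lint that parses nsswitch.conf text and flags the hosts line shape reported above (ldap listed, dns absent). The function names and the sample text are constructed for illustration, and the check encodes only the behaviour described in this report.

```python
import re

# Constructed sample: the passwd/group/shadow/hosts lines quoted in the report.
REPORTED = """\
passwd:         files  ldap
group:          files  ldap
shadow:         files  ldap
hosts:          files ldap
networks:       files
"""


def parse_nsswitch(text):
    """Return {database: [service, ...]} without comments or [STATUS=action] items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, spec = line.split(":", 1)
        spec = re.sub(r"\[[^\]]*\]", " ", spec)  # drop e.g. [NOTFOUND=return]
        table[database.strip()] = spec.split()
    return table


def hosts_findings(text):
    """Flag the hosts line shape this report describes: ldap listed, dns absent."""
    table = parse_nsswitch(text)
    hosts = table.get("hosts", [])
    if "ldap" not in hosts or "dns" in hosts:
        return []
    # Other databases served by ldap; the report saw 'getent passwd' hang.
    affected = sorted(db for db, services in table.items()
                      if db != "hosts" and "ldap" in services)
    return [{
        "line": "hosts: " + " ".join(hosts),
        "issue": "ldap without dns in hosts (reported to hang with no syslog message)",
        "affected": affected,
        "workarounds": ["hosts: files dns ldap", "hosts: files"],
    }]


if __name__ == "__main__":
    for finding in hosts_findings(REPORTED):
        print(finding)
```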


