On 04/15/2009 01:33 AM, Konrad Heuer wrote:
>
> I see a problem on two systems running FreeBSD 7.0 or 7.1 which are
> configured as OpenLDAP clients using the nss_ldap module.
>
> When someone logs on using ssh protocol version 2 the session will not
> be initialized correctly. The user will only get his primary group
> affiliation but no affiliation to other groups (memberUid attribute in
> LDAP group entries).
>
> On 7.1 the ssh login process hangs forever with open ldap queries, on
> 7.0 the group list is incomplete. On several 6.x systems, all works
> correctly.
> I have used the configuration for years now.
>
> There are some workarounds I found:
>
> a) use ssh protocol version 1
> b) set UseLogin to yes in sshd_config
> c) avoid ssl encryption in communication to ldap server
>    (ldap://... uri instead of ldaps://... in ldap.conf)
>
> Does anybody see similar problems? Does anybody have an idea what may
> cause the problem?

I recently submitted ports/133501 regarding this issue, but I have not
yet received a response. My workaround was to disable pthread_atfork
support, so the problem might be related to the change from libkse to
libthr in RELENG_7.

-- 
Benjamin Lee
http://www.b1c1l1.com/