The problem from the logs is the the lookup of the user failed in nslcd.
This probably means that authentication between nslcd and the LDAP
server needs to be configured in nslcd.conf. I expect that getent.ldap
also fails with this configuration/
If you are not using libnss-ldapd for LDAP user acc
Can you post the output from nslcd in debug mode? The easiest way to do
this is run in a separate window:
% sudo -s
# service nslcd stop
# nslcd -d
It is important to run sudo -s first because if you stop the nslcd
service the LDAP users will not be able to authenticate until you start
nslcd agai
Thanks for reporting this. I've changed the behaviour upstream, see
https://arthurdejong.org/git/nss-pam-
ldapd/commit/?id=d8ad7b127363d6d73ab1de6796886fda5eb07054
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.
If you are using NFS you probably already use the NFS id mapper which
should take care of things if you are using the same user names across
servers, even if the numeric ids differ.
I have managed some environments where some system users were in LDAP
for legacy reasons. In that case I just copied
I would strongly recommend against putting system users (e.g. tomcat
user) in LDAP. Especially it is difficult to this right during boot and
shutdown. The default configuration of nss-pam-ldapd also filters uids <
1000 out of queries to avoid this.
The reason that some services are listed in nslcd
The trace doesn't help me much in tracking it down I'm afraid. I've
checked all the uses of strcmp() in nslcd that could be reachable and
have not found a likely candidate. You could try building a package on
another machine that includes the debug symbols (see
https://jameswestby.net/tips/tips/com
Thanks for your bug report. Can you provide your nslcd.conf?
Also, can you run an nslcd that contains the debug symbols? The easiest
way to do that is probably to compile nslcd from source. Also installing
libkrb5-dbg, libldap-2.4-2-dbg, libc6-dbg, libcomerr2-dbg, cyrus-
sasl2-dbg, libgnutls26-db
This is likely to be the same issue as https://bugs.debian.org/759544
which is fixed in Debian testing and unstable. Discussion on fixing this
is stable can be found at https://bugs.debian.org/785053. Fixing this in
a 0.9.4 version probably requires inclusing other patches that are part
of 0.9.5.
** Bug watch added: Debian Bug tracker #759544
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759544
** Also affects: nss-pam-ldapd (Debian) via
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=759544
Importance: Unknown
Status: Unknown
--
You received this bug notification bec
The aptitude output shows that the bug is in libpam-ldap, not in libpam-
ldapd (part of nss-pam-ldapd).
** Package changed: nss-pam-ldapd (Ubuntu) => libpam-ldap (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.la
Thanks for reporting this. It seems the crash happend quite quicly after
start-up (issues during start-up have been seen in relation to SSL).
Does the kernel log anything (segmentation fault)?
What is your nslcd.conf like?
If you run nslcd in debug mode (start manually with -d) does it output
an
dpkg --compare-versions "" lt-nl "0.8" returns 1 (false) here (Debian
sid). Is this different on Ubuntu?
Debian wheezy has 0.8.10-4 which includes all the fixes mentioned above,
except for #717063. This release also includes all the changes currently
in the Ubuntu version (0.8.4ubuntu0.3).
There
Granted, it is quite a long list of changes but 0.8.4 was never meant to
be a stable release and the 0.8 series was in mind-development around
0.8.4 so that is to be expected.
On my system dpkg --compare-versions "" lt-nl "0.8" is false so it would
seem the code is also not run on fresh installs (
The problems in configuration handling are probably addressed in
Launchpad bug https://bugs.launchpad.net/bugs/1350778.
What is exactly the use case for diverting /etc/nslcd.conf? Currently
the path is fixed at compile-time in the nslcd binary so moving it
somewhere else will not accomplish much i
I don't think the configuration upgrade code is the issue here (that
would probably only cause issues with some downgrades). Furthermore,
from a quick glance it seems the patch disables debconf configuration
altogether.
The Debian packages contains numerous fixes to the debconf handling and
config
If you can reliably reproduce this, please try to supply debugging information
as described in
https://bugs.debian.org/643948#61
(specifically the gdb invocation of ldapsearch).
It this can be shown to be a problem in libldap or something else it can
be chased in the appropriate package.
Any h
In this configuration you probably need libnss-ldapd for the account
information and libpam-krb5 for Kerberos. You don't need libpam-ldapd.
This should also be doable with SSSD.
Anway, I don't think there is enough information in the bug report to
investigate further.
--
You received this bug no
The dpkg log shows the installation of nslcd (was uninstalled before).
The relevant part shows that adduser failed:
Adding new user `nslcd' (UID 116) with group `nslcd' ...
adduser: `/usr/bin/chfn -f nslcd name service LDAP connection daemon nslcd'
exited from signal 139. Exiting.
dpkg: error pro
This is probable the same problem as Debian bug #717063
(http://bugs.debian.org/670133). The applied fix is here:
http://arthurdejong.org/viewvc/nss-pam-ldapd?view=revision&revision=2016
** Bug watch added: Debian Bug tracker #670133
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=670133
--
I've merged your change upstream in both the 0.8 and 0.9 branches.
Attached is a patch that should be suitable for dropping in
debian/patches for version 0.8.13-2.
** Patch added: "implement-nofork.patch"
https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/806761/+attachment/3776774/+
According to the mailing list post you would expect that "expect fork"
should be the right thing to do.
If you really want to implement a command-line switch for this (I think
it is a bit silly to have to do this for upstart), please name it -n
(this seems to be used by a few daemons that provide
Currently nslcd does not support not forking into the background outside
of debug mode.
The pid of nslcd can be reliably determined by looking at
/var/run/nslcd/nslcd.pid.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.l
It is not recommended to run nslcd in debug mode in production.
Anyway, on start-up nslcd will call daemon() to daemonise. I thought
that daemon() called fork() twice but according to the manual page it
only forks once. After that, it starts a number of threads (configured
by the threads option in
Juan,
Can you provide some more information on your boot sequence? nslcd
should only hang if it has been started before networking is available
(which shouldn't happen because of the init scripts dependencies).
If your connection to the LDAP server is otherwise reliable you could
also reduce the
The described bug is in the libnss-ldap package which is not related to
nss-pam-ldapd.
You do not need nslcd if you are using libnss-ldap and libpam-ldap. It
is not used at all. If you want to use nslcd, you should be using
libnss-ldapd and libpam-ldapd instead.
The warning message with the undef
This was changes in 0.8.11 which was uploaded as 0.8.11-1 to Debian
experimental (in experimental mostly to avoid problems for the upcoming
Debian stable release).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.
You mean you are using libnss-ldap and libpam-ldapd together? It should
work fine I guess but isn't a very common configuration (at least to my
knowledge).
The warning is just that: a warning. It warns for something that usually
doesn't happen. It can be safely ignored if you are knowingly not usi
I have been looking at trying to integrate the patch but I still don't
have a really good feeling about this whole upstart thing and I don't
really have a proper way to test this.
For example I still don't really understand why the whole thing with the
if-up file is required. It seems like a very
Just to be clear: nslcd is not a replacement for nscd. It does not do
caching.
The "Can't contact LDAP server" messages can happen when an existing
connection to the LDAP server is terminated for some reason. One common
cause for this is networking timeouts in a firewall or a idle timeout in
the L
** Changed in: nss-pam-ldapd (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/940092
Title:
package nslcd 0.7.13 failed to install/upgrade: subprocess installed
** Changed in: nss-pam-ldapd (Ubuntu)
Status: Confirmed => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/992737
Title:
Ineffective pam_authz_search filter
To manage notifications abo
** Changed in: nss-pam-ldapd (Ubuntu)
Status: New => Invalid
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/893806
Title:
postinst fails due to sh fat finger
To manage notifications about thi
The problem is that the value "external" isn't currently supported by
the package configuration and it is incorrectly replaced by auto as a
default value. Current supported values are: auto, LOGIN, PLAIN, NTLM,
CRAM-MD5, DIGEST-MD5, GSSAPI, OTP.
The "EXTERNAL" value will be added as a possible val
It may be useful to know that Debian just added some information to policy
regarding init systems other than SysV init and even some notes specific to
upstart:
http://www.debian.org/doc/debian-policy/ch-opersys.html#s-alternateinit
--
You received this bug notification because you are a member
This has been fixed in development and an upcoming 0.8.10-2 release is
expected to fix this.
Note that with 0.8.5 or newer the workaround would be to place the empty
"base" before the other "base " entries.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is s
Hi, I've had a quick look at the patch (Patch rev5) but there are a few
problems/questions for inclusion into Debian:
- Debian is currently preparing for the next stable release and as such I don't
think I will upload this change to Debian unstable any time soon as it could
interfere with gettin
The libgcrypt problem is a known one without a known solution so far. Some
background information is here:
http://bugs.debian.org/643948
https://bugzilla.redhat.com/506796
It seems to be a bug in either libgcrypt or OpenLDAP (I don't have time
to dig into this at the moment though).
** Bug watch
I've been looking into integrating the patch into Debian. The spelling
fix was easy so that will be done with the next upload ;)
However, I have a few questions about the upstart scripts:
- Why was the init script dropped? Isn't it better to keep both so that systems
without upstart can still sta
On Sun, 2012-07-01 at 05:29 +, William Van Hevelingen wrote:
> If you prepare a patch you'll want to attach additional SRU
> information to the bug ticket for this to go into Precise.
Ok, here is my best shot at this.
[IMPACT]
This bug affects people who use a mix of debconf and manual
confi
>From the logs it seems that you aborted configuration of cvsd which
means that cvsd remains unconfigured and installation cannot continue.
At this point dpkg aborts the installation. This doesn't seem like a bug
to me but expected functionality.
--
You received this bug notification because you
If this is useful for Ubuntu, I can prepare a patch, although I would
recommend against using 0.8.4 in a stable release because the 0.8 series
is still in development (but now reaching stability with 0.8.8-3).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is
There recently were a few bugs regarding upgrades (some fixed) in Debian, see:
http://bugs.debian.org/670133
http://bugs.debian.org/672301
Perhaps this is a duplicate of one of these bugs?
It would be helpful if you could post versions of nslcd before and after
the upgrade and the contents of
Sadly, I have no idea how to close bugs on Launchpad but I'm glad it's
fixed.
In case you're interested if shadow information is exposed pam_unix will
check that information as well. Since 0.8.4 nslcd will ensure that
correct data is returned to pam_unix whether shadow information is
exposed or no
On Tue, 2012-05-01 at 19:57 +, Craig White wrote:
> # getent shadow cwhite
> cwhite:*:15245::0
>
> # cat /etc/pam.d/common-account
[...]
> account [success=2 new_authtok_reqd=done default=ignore]
> pam_unix.so
> account [success=1 default=ignore] pam_ldap.so
Th
Can you include the contents of your /etc/pam.d/common-account file?
Also, does
getent shadow yourusername
output any information?
Lastly, it would be really helpful to have the output of nslcd -d while
you try a login.
Thanks.
--
You received this bug notification because you are a member o
craig-white@139
Please file a bug against nslcd to track the problem with
pam_authz_search.
Also, in general, bug reports for any missing features are welcome.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.ne
You can replace "pam_check_host_attr yes" with
pam_authz_search
(&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))
See the nslcd.conf manual page for more details (the 0.7 series doesn't have
the fqdn value yet).
Btw, you can use libpam-ldap fine together wit
If you are seeing something like:
Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol:
_nss_ldap_enablelookups (probably older NSS module loaded)
It means that you probably have libnss-ldap installed instead of libnss-ldapd
(note the extra d). Using nslcd works best with libnss-ld
It is probably best to migrate to either nss-pam-ldapd, sssd or nss-pam-
ldapd in combination with the nssov slapd overlay.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/423252
Title:
NSS using LDAP
>From your DpkgTerminalLog it seems that you chose Cancel when prompted
for the LDAP server URI. This means that the configuration of the
package is aborted which means it cannot be installed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ub
If you mean whether the memberOf attribute will be supported in nss-pam-
ldapd the answer is when someone provides a patch ;) Adding support is a
bit tricky, especially for reverse lookups and doesn't add much if
you're already using the uniqueMember attribute (which you appear to
do).
--
You rec
You mean that the group members are missing?
You probably need
map group member uniqueMember
since in the 0.8 series the default has been changed to use the member
attribute instead of the uniqueMember attribute.
Note that nss-pam-ldapd doesn't currently support the memberOf attribute
(which s
The _nss_ldap_enablelookups undefined symbol is to be expected when
using nslcd with the old nss_ldap. nslcd does not do anything useful
when using libnss-ldap, only with libnss-ldapd.
For the not working group lookups it would be helpful to have some of
the output from getent group, information o
If I download the binary package from
http://nl.archive.ubuntu.com/ubuntu/pool/universe/n/nss-pam-ldapd/nslcd_0.7.13_amd64.deb
the postinst file doesn't contain || /bin/true.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://b
I cannot find the || /bin/true code near adduser in either the Debian
packages or the Ubuntu ones.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/893806
Title:
postinst fails due to sh fat finger
To
On Tue, 2011-09-06 at 06:23 +, Klavs Klavsen wrote:
> The version in Ubuntu Lucid is unfortunately 0.7.2 - so the very welcome
> validnames option in v0.8.2 is really not helpful, as I can only run LTS
> versions in my production environment.
>
> Would you welcome a patch against the 0.7.2 pac
nss-pam-ldapd has reasonably strict checking of user and group names to
avoid problematic users existing by accident on the system. Version
0.8.2 introduces the validnames option that allows you to set a regular
expression that will be used to filter valid names.
Note that nslcd is completely sepa
** Package changed: nss-ldapd (Ubuntu) => nss-pam-ldapd (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/841660
Title:
nslcd complains about / in groupnames
To manage notifications about this
Could you provide the output of the following:
find /etc/ld.so.conf* -type f | xargs cat | grep '^/'
On my system it includes the /lib/*-linux-gnu directory. This is what
cvsd-buildroot uses (from 1.0.22).
If anyone with more multiarch know-how then myself could provide a
better way to do this
Can you try cvsd-buildroot from cvsd 1.0.22? If that doesn't help please
include the output of cvsd-buginfo.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/801675
Title:
cvsd: no such system user --
If Ubuntu wants to address this issue I can probably assist in
backporting this fix to 0.7.2 if that is needed.
--
nslcd doesn't failover to backup server on authentication (bind)
https://bugs.launchpad.net/bugs/585966
You received this bug notification because you are a member of Ubuntu
Bugs, wh
Regarding the pam_check_host_attr and pam_check_service_attr options of
pam_ldap, nslcd has a pam_authz_search option that can replace
functionality of those options (and much more). This option has been in
nss-pam-ldapd since version 0.7.4.
Any other feature requests (and bug reports) are very mu
Could you include the output of "cvsd -d" (as root)?
It seems that cvsd thinks that port 2401 is already bound. Can you also
report the output of "sysctl net.ipv6.bindv6only" (as root)?
If you are not using IPv6 you could change the bind statement in
cvsd.conf to "Listen 0.0.0.0 2401" to force th
If cvsd fails to start it should log the reason to syslog (check
/var/log/syslog). Also cvsd has a script included (cvsd-buginfo) that
gathers all needed information for most bug reports and checks for
common misconfigurations.
Can you check /var/log/syslog and provide the output of cvsd-buginfo?
** Changed in: nss-pam-ldapd (Ubuntu)
Assignee: Arthur de Jong (adejong) => (unassigned)
--
nslcd doesn't failover to backup server on authentication (bind)
https://bugs.launchpad.net/bugs/585966
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
Another alternative would be to have a separate package for the nssov
overlay which would provide/conflict nslcd. That package (slapd-nssov?)
could then also have the maintainer scripts configure and enable the
overlay in slapd.
I don't think dropping the dependency is a good idea because users
up
It is strange that a slash would end u in the config. Can you include
the output of the following commands in the bugreport:
hostname --domain
hostname --nis | grep '\.'
hostname --fqdn | sed -n 's/^[^.]*\.//p'
sed -n 's/^ *\(domain\|search\) *\([^ ]*\) *$/\2/p' /etc/resolv.conf
sudo grep -i base
The default location that both nss-ldapd and nssov use is
/var/run/nslcd/socket. The Ubuntu package (at least 0.6.11ubuntu2) uses
/var/run/nslcd/nslcd.socket, probably left over from 0.6.11ubuntu1 where
it was /var/run/nslcd.socket.
--
socket path does not match nssov's socket path
https://bugs.l
Yes, the libnss-ldapd package should depend on nslcd. An alternative to
nslcd is running a slapd with an nssov module but I don't know in which
package that module is (that package should problably provide nslcd),
--
libnss-ldapd package shoud depend of nslcd
https://bugs.launchpad.net/bugs/50781
The only problem is that sudo is missing from the sh -x call but I found the
problem anyway (the cvsd-buginfo output showed how far it got). The problem is
that bash 4 handles the this statement:
false || ( false && false )
differently from bash 3 when set -e is used (bash 4 terminates the scri
The relevant part of the dpkg log is:
Setting up cvsd (1.0.16) ...
Adding group `cvsd' (GID 125) ...
Done.
Adding system user `cvsd' (UID 116) ...
Adding new user `cvsd' (UID 116) with group `cvsd' ...
Creating home directory `/var/lib/cvsd' ...
creating directory structure under /var/lib/cvsd...
Oops, there was a dot missing from the regular expression, it should read:
--yank='^https?://[a-z0-9A-Z.]*/$'
--
webcheck -q not silent
https://bugs.launchpad.net/bugs/401050
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-b
It is clearer if you file separate bugs for separate issues. Anyway, regarding
the -q option not working. What output are you seeing? I think there may be
some debugging info left over from development. You should be able to comment
out the line containing
conn.set_debuglevel
in schemes/http.p
What worked for me was to copy the .ifo files manually from the DVD to
the tmp/ifo/ directory.
--
Cannot extract vobsub file from ifo files in local folder, only from DVD
https://bugs.launchpad.net/bugs/242604
You received this bug notification because you are a member of Ubuntu
Bugs, which is su
I have seen the same problem and I too have /home over NFS. It seems
that for some reason or another some locks remain in place. Opening
places.sqlite by hand also gave an arror (forgot to write it down,
sorry).
After creating a tarball from the profile directory from
~/.mozilla/firefox, removing
** Changed in: ubuntu
Sourcepackagename: libnss-ldap => None
--
nscd: nss_ldap: server is unavailable
https://bugs.launchpad.net/bugs/237115
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.u
The log message is from nss_ldap, not from nss-ldapd, reassigning this
bugreport.
** Changed in: libnss-ldap (Ubuntu)
Sourcepackagename: nss-ldapd => libnss-ldap
--
nscd: nss_ldap: server is unavailable
https://bugs.launchpad.net/bugs/237115
You received this bug notification because you are a m
I'm the main developer of nss-ldapd as well as the Debian package
maintainer and I think 0.5 is good for testing but not yet ready for
production use. A number of major and minor bugs were fixed in later
releases, some of the fixes were done by some restructuring of the code.
All in all from 0.5 t
Could you indicate which version of nss-ldapd causes problems for you?
Ubuntu ships 0.5 in Hardy which I would recommend against using and
0.6.2 in Intrepid. The last version is a lot more stable and is better
tested.
If with version 0.6.2 you still have problems, could you give some more
informat
The version of nss-ldapd that Ubuntu is shipping is old. In recent
releases a number of bugs haven been fixed that affect stability of
nslcd. Please try 0.6.2 (the most recent release). That version is
available in Debian, porting it to Ubuntu shouldn't be too difficult.
--
libnss-ldapd nslcd cra
80 matches
Mail list logo
