Public bug reported: Binary package hint: libnss-ldap
Using a Hardy Openldap server for users, passwords, and hosts. On the server itself everything works fine. All packages current. Anonymous read access is permitted. Not using TLS. On a Hardy client, user and password authentication works fine. Can search out and read Hosts entries. However, if I turn on DNS authentication by changing the relevant /etc/nsswitch.conf line to hosts: files ldap dns then not only doesn't name resolution work at all, but no new users can login and no existing users can sudo until I restore the line to hosts: files dns User authentication lines are: passwd: files ldap group: files ldap shadow: files ldap and as I say work fine when LDAP hosts lookup isn't enabled. So there are no issues in the PAM common-* files. The /etc/ldap.conf file is vanilla: base dc=myco,dc=com # "ldap1" is defined in /etc/hosts, although same result when I used IP uri ldap://ldap1.myco.com/ ldap_version 3 pam_password md5 nss_base_passwd ou=People,dc=myco,dc=com nss_base_shadow ou=People,dc=myco,dc=com nss_base_group ou=group,dc=myco,dc=com nss_base_hosts ou=Hosts,dc=myco,dc=com nss_initgroups_ignoreusers backup,bin,daemon,Debian-exim,dhcp,dovecot,ftp,games,gnats,irc,klog,libuuid,list,logcheck,lp,mail,man,mysql,news,postfix,proftpd,proxy,root,sshd,statd,sync,sys,syslog,uucp FWIW /etc/resolv.conf points to external (non-Hardy) DNS. Neither client nor server have nscd, but installing and running it on the client made no difference. Likewise, attempting to bind to the LDAP server as manager made no difference. Am in the process of switching over to libnss-ldapd, although I am concerned about the number of problems reported with it, too. ** Affects: libnss-ldap (Ubuntu) Importance: Undecided Status: New -- libnss-ldap prevents user authentication when ldap hosts lookup enabled https://bugs.launchpad.net/bugs/424942 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs