Thanks a lot, works like a charm. I wish I could be of any help to you, saved me a lot of time.

2011/10/4 cdmiller <cdmil...@adams.edu>:
> Just a follow up to #106. We have been running with the libgcrypt11
> patch from #73 with a couple thousand openldap and AD users using
> Apache2/phpsuexec on Lucid 10.04.2 64 bit for months now with no
> troubles.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/423252
>
> Title:
>   NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2
>   suexec, and atd
>
> Status in Release Notes for Ubuntu:
>   Fix Released
> Status in “eglibc” package in Ubuntu:
>   Invalid
> Status in “libgcrypt11” package in Ubuntu:
>   Confirmed
> Status in “libnss-ldap” package in Ubuntu:
>   Invalid
> Status in “sudo” package in Ubuntu:
>   Invalid
> Status in “eglibc” source package in Lucid:
>   Invalid
> Status in “libgcrypt11” source package in Lucid:
>   Confirmed
> Status in “libnss-ldap” source package in Lucid:
>   Invalid
> Status in “sudo” source package in Lucid:
>   Invalid
> Status in “eglibc” source package in Maverick:
>   Invalid
> Status in “libgcrypt11” source package in Maverick:
>   Confirmed
> Status in “libnss-ldap” source package in Maverick:
>   Confirmed
> Status in “sudo” source package in Maverick:
>   Invalid
> Status in “eglibc” source package in Karmic:
>   Invalid
> Status in “libgcrypt11” source package in Karmic:
>   Won't Fix
> Status in “libnss-ldap” source package in Karmic:
>   Invalid
> Status in “sudo” source package in Karmic:
>   Invalid
> Status in “libgcrypt11” package in Debian:
>   Confirmed
> Status in “sudo” package in Debian:
>   Confirmed
> Status in “sudo” package in Kairos Linux:
>   Confirmed
>
> Bug description:
>   On Karmic (alpha 4 plus updates), changing the nsswitch.conf 'passwd'
>   field to anything with 'ldap' as the first item breaks the ability to
>   become root using 'su' and 'sudo' as anyone but root.
>
>   Default nsswitch.conf:
>
>   passwd: compat
>   group: compat
>   shadow: compat
>
>   matt@box:~$ sudo uname -a
>   [sudo] password for matt:
>   Linux box 2.6.31-9-server #29-Ubuntu SMP Sun Aug 30 18:37:42 UTC 2009 x86_64
>   GNU/Linux
>
>   matt@box:~$ su -
>   Password:
>   root@box:~#
>
>   Modified nsswitch.conf with 'ldap' before 'compat':
>
>   passwd: ldap compat
>   group: ldap compat
>   shadow: ldap compat
>
>   matt@box:~$ sudo uname -a
>   sudo: setreuid(ROOT_UID, user_uid): Operation not permitted
>
>   matt@box:~$ su -
>   Password:
>   setgid: Operation not permitted
>
>   Modified nsswitch.conf with 'ldap' after 'compat':
>
>   passwd: compat ldap
>   group: compat ldap
>   shadow: compat ldap
>
>   matt@box:~$ sudo uname -a
>   [sudo] password for matt:
>   Linux box 2.6.31-9-server #29-Ubuntu SMP Sun Aug 30 18:37:42 UTC 2009 x86_64
>   GNU/Linux
>
>   matt@box:~$ su -
>   Password:
>   root@box:~#
>
>   The same arrangements in nsswitch.conf work as expected in Jaunty and
>   earlier releases.
>
>   Lucid Release Note:
>
>   == NSS via LDAP+SSL breaks setuid applications like sudo ==
>
>   Upgrading systems configured to use ldap over ssl as the first service
>   in the nss stack (in nsswitch.conf) leads to a broken nss resolution
>   for setuid applications after the upgrade to Lucid (for example sudo
>   would stop working). There isn't any simple workaround for now. One
>   option is to switch to libnss-ldapd in place of libnss-ldap before the
>   upgrade. Another one consists in using nscd before the upgrade.
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions
>

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
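
The release note quoted above describes the affected setup as ldap over SSL being the first service in the NSS stack. The following pre-upgrade check for that arrangement is an added example, not part of the original message or of any Ubuntu package. The function names, the constructed sample files and the LDAP client keys it looks for (`ssl on`, `ssl start_tls`, an `ldaps://` URI) are assumptions.

```shell
#!/bin/sh
# Added example, not from the bug report. File paths are passed as arguments.

# Print the passwd/group/shadow databases in nsswitch file $1 whose FIRST
# source is ldap (space separated; empty line if none).
ldap_first_dbs() {
    awk '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 ~ /^(passwd|group|shadow):$/ && $2 == "ldap" {
            db = $1; sub(/:$/, "", db)
            out = (out == "" ? db : out " " db)
        }
        END { print out }
    ' "$1"
}

# Return 0 if LDAP client config $1 turns on SSL/TLS. Assumption: libnss-ldap
# style keys "ssl on", "ssl start_tls", or a "uri" containing ldaps://.
ldap_uses_tls() {
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "ssl" && tolower($2) ~ /^(on|start_tls)$/ { tls = 1 }
        tolower($1) == "uri" && tolower($0) ~ /ldaps:\/\// { tls = 1 }
        END { exit (tls ? 0 : 1) }
    ' "$1"
}

# check_nss_ldap NSSWITCH LDAPCONF: print a verdict; return 1 when the host
# matches the release note (ldap first in the stack, over SSL/TLS).
check_nss_ldap() {
    dbs=$(ldap_first_dbs "$1")
    if [ -n "$dbs" ] && ldap_uses_tls "$2"; then
        echo "AFFECTED: ldap is the first source for: $dbs"
        return 1
    fi
    echo "OK: ldap-over-SSL is not the first NSS source"
}

# Demo on constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'passwd: ldap compat\ngroup:ldap compat\nshadow: compat ldap\n' > "$demo_dir/nsswitch.conf"
printf '# constructed\nuri ldaps://ldap.example.test/\nssl on\n' > "$demo_dir/ldap.conf"
check_nss_ldap "$demo_dir/nsswitch.conf" "$demo_dir/ldap.conf" || true
```

On a real host the two arguments would be the system's nsswitch.conf and the LDAP client configuration that libnss-ldap reads.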