Serious LDAP Authentication Issues[Scanned]
Chris Bradford
chrisbradford at cambridge-news.co.uk
Mon Jul 3 22:18:55 UTC 2006
Hi guys,
I posted a while back about an LDAP authentication error I am getting,
now I've since found a work around but its messy to say the least. I'm
hoping this will catch one of the developers attention.
If I configure LDAP authentication to my Windows Server 2003 Domain via
Services For Unix 3.5, the majority of my users cannot log into the
system, there is an error like this that flashes up:
login:../../../libraries/liblber/sockbuf.c:89: ber_sockbuf_ctrl:
Assertion ' ( (sb)->sb_opts.lbo_valid == 0x3)' failed
If I run "id %username%" - ie "id chrisbradford" i get:
id: ../../../libraries/liblber/sockbuf.c:89: ber_sockbuf_ctrl: Assertion
`( (sb)->sb_opts.lbo_valid == 0x3 )' failed.
uid=10010(chrisbradford) gid=10000(LinuxUsers)Aborted
So this appears to be a problem when obtaining the secondary group
information as submitted in this bugzilla report:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187448
Now, what I've noticed is that this seems to be a problem with the newer
nss_ldap libraries (ie 249 & 250), I say this because FC4 *does not*
have these problems, and neither does Ubuntu 5.05/6.06 (which uses
libnss-ldap 238) The latest version of OpenSuse *is* however affected by
this issue and it has a more recent version of nss-ldap
The workaround under FC5 is to install BerkelyDB, OpenLDAP and then
nss_ldap-250. The catch is that the ldap libraries only work for a short
while before these problems arise again, thus they have to be
re-installed via a cron job *every hour*. This is madness! The setup of
all this adds around 2 hours to a basic install.
Has anyone else experienced these issues, and if so have you found a
more permanent solution, and one that does not take so long? I'm
determined after getting a fix going that I would help get this fixed.
I imagine its a pretty serious issue, as an enterprise of around 500
workstations we're keen to use Linux, and I'm keen to push FC5, but this
is hindering our roll-outs.
Many thanks,
Chris Bradford
This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com
More information about the fedora-list
mailing list