Mailinglist Archive: opensuse-bugs (9648 mails)

[Bug 339326] New: nss_ldap group lookups fail with eDirectory server (cause : group-utf8.dif)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 5 Nov 2007 13:10:36 -0700 (MST)
  • Message-id: <bug-339326-21960@xxxxxxxxxxxxxxxxxxxxxxxxx/>
https://bugzilla.novell.com/show_bug.cgi?id=339326

Summary: nss_ldap group lookups fail with eDirectory server
(cause: group-utf8.dif)
Product: openSUSE 10.2
Version: Final
Platform: x86-64
OS/Version: openSUSE 10.2
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@xxxxxxxxxxxxxxxxxxxxxx
ReportedBy: adaugherity@xxxxxxxx
QAContact: qa@xxxxxxx
Found By: ---


I configured (using YaST) an OpenSuSE workstation to authenticate against the
eDirectory server using LDAP. Logins work fine, but group lookups do not work
(i.e. I can log in with my eDirectory account, but my group membership is just
"614", and "getent group 614" returns nothing).

Turning on debug in ldap.conf shows LDAP queries in line with what I'd expect.
Manually running those exact queries with ldapsearch gives the expected
results. After banging my head against the wall with this, I copied the
ldap.conf to an Ubuntu machine that was using a different LDAP server
(OpenLDAP, not eDirectory). Both logins and group lookups worked fine on that
machine with the eDirectory ldap.conf from the opensuse box, so this indicates
the ldap.conf was configured properly.

I downloaded the source packages for each distribution to see if there were any
patches that could be causing this, and the "group-utf8.dif" stuck out. I
commented out the line referencing it in the spec file, rebuilt nss_ldap, and
now everything works properly.

The same applies to the nss_ldap packages from 10.3 -- stock configuration does
not work, comment out the group-utf8 patch, and it does, so I assume the bug is
still present in 10.3.

This must be some interaction between nss_ldap and eDirectory -- the stock
configuration does work with group lookups against an OpenLDAP server (using
the ldap.conf from the Ubuntu box). As far as I know, eDirectory is configured
properly -- groups and users are Linux-enabled -- but that is not my realm of
expertise (and I am not the eDirectory admin), so an eDirectory misconfiguration
is not out of the question.

Summary:
-LDAP group lookups fail with eDirectory server.
To reproduce:
-Configure LDAP login with YaST to use our eDirectory server.
Fix:
-Build without the group-utf8.dif patch:
--- nss_ldap.spec-10.2_orig 2007-11-05 12:37:46.000000000 -0600
+++ nss_ldap.spec.fixed 2007-11-05 14:09:02.000000000 -0600
@@ -25,7 +25,7 @@
Source1: README.SuSE
Patch: nss_ldap.dif
Patch1: sigset.dif
-Patch2: group-utf8.dif
+#Patch2: group-utf8.dif
Patch3: nss_ldap-parse-nested-groups-size.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
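
Review bot: commenting out the "Patch2: group-utf8.dif" tag only removes the declaration; any matching %patch2 line in %prep (not visible in this hunk) would then refer to an undefined patch and has to be disabled in the same change. Disabling the patch outright also drops whatever group-utf8.dif was added for, so this works as a local workaround rather than a packaging fix; a comment above the disabled line citing bug 339326 would record why it is off until the patch itself is corrected for eDirectory.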

