Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 May 2006 23:30:21 GMT
From:      Sean McNeil <sean@mcneil.com>
To:        freebsd-ports-bugs@FreeBSD.org
Subject:   Re: ports/91806 : net/nss_ldap broken with getpwuid*
Message-ID:  <200605112330.k4BNULM9075796@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The following reply was made to PR ports/91806; it has been noted by GNATS.

From: Sean McNeil <sean@mcneil.com>
To: Artem Kazakov <kazakov@gmail.com>
Cc: bug-followup@FreeBSD.org
Subject: Re: ports/91806 : net/nss_ldap broken with getpwuid*
Date: Thu, 11 May 2006 16:28:14 -0700

 On Wed, 2006-05-10 at 23:01 -0700, Sean McNeil wrote:
 > On Thu, 2006-05-11 at 14:15 +0900, Artem Kazakov wrote:
 > > Hello! 
 > > 
 > > Sean McNeil <sean@mcneil.com>:
 > > > Recent update of nss_ldap breaks getpwuid* routines.  This is evident with sshd.  Attempting to
 > > > 
 > > > ssh localhost
 > > > Password:
 > > > Connection to localhost closed by remote host.
 > > > Connection to localhost closed.
 > > > 
 > > > sshd[]: nss_ldap: could not search LDAP server - Server is unavailable
 > > > sshd[]: fatal: login_get_lastlog: Cannot find account for uid 501
 > > > 
 > > > Reverting to previous version fixes the problem.
 > > 
 > > Could you please check your nss_ldap.conf file? 
 > > It looks like, if you set 
 > > bind_policy soft
 > > nss_ldap stops working. I do not know the details yet, but I faced the same problem. 
 > > If you change bind_poicy to hard (as it is by default) everything should work. 
 > 
 > Indeed, this is exactly the problem I have.  Commenting out my setting
 > of "bind_policy soft" allows ssh to function once again.
 
 bind_policy hard is just unacceptable to me as it causes my system
 startup to be horrendous.  Playing around with nss_ldap.conf offered
 another solution for me that works:
 
 bind_policy soft
 nss_connect_policy oneshot
 
 For some reason, persistent connections is messing up sshd.  I'm happy
 with the oneshot, though, and I'll stick with these options.
 
 Cheers,
 Sean

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200605112330.k4BNULM9075796>