Date:      Tue, 31 Mar 2009 10:18:55 +0000
From:      "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To:        freebsd-questions@freebsd.org, freebsd-current@FreeBSD.org
Subject:   Issues with OpenLDAP 2.4.15 and FreeBSD 8.0-CURRENT as well as with FreeBSD 7.2-PRE using DB 4.7
Message-ID:  <49D1EE0F.1050901@zedat.fu-berlin.de>

I reported this earlier here and now I'm about to file a PR. Before 
that, I will ask whether there is a solution out there or someone can 
give a hint in case I ran into a hidden misconfiguration.

First, on all FreeBSD flavours (7.2 and 8.0) I see a coredump of LDAP 
clients when doing ldapsearch or ldappasswd. The client performs well, but 
at the end it terminates with a signal 11 (SIGSEGV).

Another very severe issue is with DB 4.7 and OpenLDAP 2.4.15 as taken 
from ports. On FreeBSD 7.1/7.2 I was running an OpenLDAP 1.4.15 server, 
used with DB 4.6. Several experimental boxes with FreeBSD 8.0-CURRENT 
and FreeBSD 7.1/7.2 were referring to that LDAP server for user 
authentication. After backing up the database, installing DB 4.7, 
recompiling everything that depends on DB 4.X, recompiling OpenLDAP 
last and doing a DB recover, I end up in a problem. The clients which 
were willing to perform logins via ssh by authenticating users via this 
LDAP server now refuse authentication! The same client authenticates 
the users of the LDAP server via LDAP authentication when accessing 
protected webpages served by lighttpd. I can also enumerate /home with 
users taken from the LDAP server; only logging in via ssh fails. I did not 
change sshd's config, so I suspect something else. Watching the console log 
and slapd log I see no issues in the slapd log, but the console and sshd 
log tell something about an unknown user with uid XXXX. Googling for 
this error I find a lot of sshd/nss/ldap related issues, but no 
solution. Doing a 'sudo' or 'su' on the same machine to users residing 
in the LDAP db is possible. But connecting via ssh isn't possible.

Another very strange behaviour occurs on FreeBSD 8.0-CURRENT serving as 
an OpenLDAP 2.4.15 server with cyrus-sasl compiled in and DB 4.7. 
Authentication to this server, even from the local host, takes 
approximately 20 - 30 seconds; connecting LUMA for administering also 
takes that long, and even showing the DIT in LUMA takes inconveniently 
long. This happens since this server was updated from 
FreeBSD 7.2-PRE to FreeBSD 8.0-CURRENT with everything completely 
freshly installed. Before the upgrade, the OpenLDAP server was running 
2.4.15 with DB 4.7, as it does now under FreeBSD 8.0-CURRENT.

Well, even fresh standard installations taken from the templates, 
using nss_ldap/pam_ldap/OpenLDAP, show those strange issues on all 
mentioned boxes and OS flavours.

Now I think I ran into a severe issue with OpenLDAP 2.4.15 and/or 
FreeBSD 8.0.

Regards,
Oliver

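The symptom in the message above (su and sudo resolve the LDAP users, sshd logs an unknown user with a uid) is worth pinning down with the same libc lookups sshd makes. sshd resolves the login name with getpwnam(3) and, in places, maps a uid back to a name with getpwuid(3); both go through nsswitch.conf and therefore nss_ldap, exactly as Python's pwd module does. The script below is an added diagnostic, not code from the post or from OpenLDAP, FreeBSD or nss_ldap: it runs the forward and reverse lookups for a name, reports whether they round-trip, and optionally asks the directory directly with ldapsearch(1) so a failing NSS lookup can be told apart from a missing entry. The ldapsearch check assumes that an anonymous simple bind (-x) is allowed and that the caller supplies the base DN; both are assumptions of this example.

```python
"""Check whether a login name resolves through NSS the way sshd needs it to.

Added diagnostic, not code from the original post. sshd uses getpwnam(3)
for the login name and getpwuid(3) to map a uid back to a name; Python's
pwd module calls the same libc routines, so it exercises nss_ldap the
same way sshd does.
"""
import pwd
import subprocess
from typing import Optional


def _entry(e: pwd.struct_passwd) -> dict:
    """Flatten a passwd entry to the fields that matter for a login."""
    return {"name": e.pw_name, "uid": e.pw_uid, "gid": e.pw_gid,
            "home": e.pw_dir, "shell": e.pw_shell}


def resolve_name(name: str) -> Optional[dict]:
    """getpwnam() via NSS; None when the name is unknown to this host."""
    try:
        return _entry(pwd.getpwnam(name))
    except KeyError:
        return None


def resolve_uid(uid: int) -> Optional[dict]:
    """getpwuid() via NSS; None when the uid is unknown to this host."""
    try:
        return _entry(pwd.getpwuid(uid))
    except KeyError:
        return None


def diagnose(name: str) -> dict:
    """Run both lookups sshd depends on and say whether they agree.

    round_trip is False when the name does not resolve, when its uid does
    not resolve back, or when the uid maps to a different name.  Note that
    a uid shared by two entries (FreeBSD's root/toor, uid 0) legitimately
    maps back to whichever entry NSS returns first, so a mismatch on such
    a uid is not by itself a fault.
    """
    by_name = resolve_name(name)
    by_uid = resolve_uid(by_name["uid"]) if by_name else None
    return {
        "name": name,
        "by_name": by_name,
        "by_uid": by_uid,
        "round_trip": bool(by_name and by_uid
                           and by_uid["name"] == by_name["name"]),
    }


def directory_has_user(base_dn: str, name: str,
                       uri: Optional[str] = None) -> bool:
    """Ask the directory directly with ldapsearch(1), bypassing NSS.

    Assumption of this example: an anonymous simple bind (-x) is permitted
    by the server's ACLs; add bind options if it is not.  Returns True when
    an entry with that uid attribute carries a uidNumber.
    """
    cmd = ["ldapsearch", "-x", "-LLL", "-b", base_dn,
           f"(uid={name})", "uidNumber"]
    if uri:
        cmd[1:1] = ["-H", uri]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False)
    return out.returncode == 0 and "uidNumber:" in out.stdout


if __name__ == "__main__":
    import json
    import sys

    user = sys.argv[1] if len(sys.argv) > 1 else "root"
    print(json.dumps(diagnose(user), indent=2))
```

Run it on the ssh server as the user sshd runs as (root) with the failing login name; if by_name resolves but by_uid does not, the directory answers name filters but not uidNumber filters (or the reverse), which is the kind of asymmetry that lets su succeed while sshd reports an unknown user. If neither resolves but directory_has_user() is True, the problem sits between nsswitch.conf/nss_ldap and the server rather than in the data.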