Serious LDAP Authentication Issues[Scanned]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi guys,

I posted a while back about an LDAP authentication error I am getting, now I've since found a work around but its messy to say the least. I'm hoping this will catch one of the developers attention.

If I configure LDAP authentication to my Windows Server 2003 Domain via Services For Unix 3.5, the majority of my users cannot log into the system, there is an error like this that flashes up:

login:../../../libraries/liblber/sockbuf.c:89: ber_sockbuf_ctrl: Assertion ' ( (sb)->sb_opts.lbo_valid == 0x3)' failed

If I run "id %username%" - ie "id chrisbradford" i get:

id: ../../../libraries/liblber/sockbuf.c:89: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed.
uid=10010(chrisbradford) gid=10000(LinuxUsers)Aborted

So this appears to be a problem when obtaining the secondary group information as submitted in this bugzilla report:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187448

Now, what I've noticed is that this seems to be a problem with the newer nss_ldap libraries (ie 249 & 250), I say this because FC4 *does not* have these problems, and neither does Ubuntu 5.05/6.06 (which uses libnss-ldap 238) The latest version of OpenSuse *is* however affected by this issue and it has a more recent version of nss-ldap

The workaround under FC5 is to install BerkelyDB, OpenLDAP and then nss_ldap-250. The catch is that the ldap libraries only work for a short while before these problems arise again, thus they have to be re-installed via a cron job *every hour*. This is madness! The setup of all this adds around 2 hours to a basic install.

Has anyone else experienced these issues, and if so have you found a more permanent solution, and one that does not take so long? I'm determined after getting a fix going that I would help get this fixed. I imagine its a pretty serious issue, as an enterprise of around 500 workstations we're keen to use Linux, and I'm keen to push FC5, but this is hindering our roll-outs.

Many thanks,

Chris Bradford




This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux