|
Bugzilla – Full Text Bug Listing |
| Summary: | pre-compiled version of nss_ldap hang-up, if german "Umlaute" in group names | ||
|---|---|---|---|
| Product: | [openSUSE] openSUSE 11.0 | Reporter: | Alexander Fleischer <Alexander.Fleischer> |
| Component: | Network | Assignee: | Ralf Haferkamp <ralf> |
| Status: | RESOLVED DUPLICATE | QA Contact: | E-mail List <qa-bugs> |
| Severity: | Minor | ||
| Priority: | P4 - Low | ||
| Version: | Final | ||
| Target Milestone: | --- | ||
| Hardware: | x86 | ||
| OS: | openSUSE 11.0 | ||
| Whiteboard: | |||
| Found By: | --- | Services Priority: | |
| Business Priority: | Blocker: | --- | |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | ldap.conf config file | ||
I am not able to reproduce the problem here. "id" on a user that is a member of a group with Umlauts in it works without problems here. What do you mean with: "the system hang-up"? Does the id command crash? Or is it hanging and you don't get back to the commandline? Something else? Btw, our packages are build with "--enable-rfc2307bis" as well. So in principle there should be no difference between the nss_ldap module you built and the one that we ship with openSUSE. Could please paste the complete "configure" commandline you used and attach you /etc/ldap.conf? The id command does not return to the commandline, until i cancel it with Ctrl+C. If I run it with strace, it stops at the "poll(".
Of course, I don't know why it's working by simply compiling the source. I installed and compiled the source to find the error, but after compiling the source out of the package (Extracted the *tar.bz2, applied the 2 patches installed with the source, ./configure --enable-rfc2307bis, make, make install) it works fine.
Server is a MS Server 2003 R2 with Active Directory.
I can't access the ldap.conf from here, I will attach it on monday. Basically I uncommented the object mapping for the old version of MS Active Directory Services for Unix and added "referrals off", "ssl on" and "tls_checkpeer no". But it's no SSL issue, it also didn't work without SSL.
When using the binary module, it worked without mapping the uniqueMember attribute, but, of course, with no group information. After uncommenting this line "id" does not return to the command prompt.
On monday, if a can access the machine, I will also check the binaries with ldd, maybe the self-compiled is linked to another lib.
ldd:
c3:/usr/lib # ldd libnss_ldap.so.2.my
linux-gate.so.1 => (0xffffe000)
libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0xb7ef7000)
liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7ee8000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7ecf000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7e3b000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7e36000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7e0b000)
libdl.so.2 => /lib/libdl.so.2 (0xb7e07000)
libnsl.so.1 => /lib/libnsl.so.1 (0xb7df0000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb7ddd000)
libc.so.6 => /lib/libc.so.6 (0xb7c9a000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7c54000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7b10000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7aeb000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7ae2000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7ade000)
/lib/ld-linux.so.2 (0xb7f78000)
libz.so.1 => /lib/libz.so.1 (0xb7ac9000)
c3:/usr/lib # ldd libnss_ldap.so.2.suse
linux-gate.so.1 => (0xffffe000)
libldap-2.4.so.2 => /usr/lib/libldap-2.4.so.2 (0xb7f9e000)
liblber-2.4.so.2 => /usr/lib/liblber-2.4.so.2 (0xb7f8f000)
libsasl2.so.2 => /usr/lib/libsasl2.so.2 (0xb7f76000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7ee2000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7edd000)
libgssapi_krb5.so.2 => /usr/lib/libgssapi_krb5.so.2 (0xb7eb2000)
libdl.so.2 => /lib/libdl.so.2 (0xb7eae000)
libnsl.so.1 => /lib/libnsl.so.1 (0xb7e97000)
libresolv.so.2 => /lib/libresolv.so.2 (0xb7e84000)
libc.so.6 => /lib/libc.so.6 (0xb7d41000)
libssl.so.0.9.8 => /usr/lib/libssl.so.0.9.8 (0xb7cfb000)
libcrypto.so.0.9.8 => /usr/lib/libcrypto.so.0.9.8 (0xb7bb7000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7b92000)
libkrb5support.so.0 => /usr/lib/libkrb5support.so.0 (0xb7b89000)
libkeyutils.so.1 => /lib/libkeyutils.so.1 (0xb7b85000)
/lib/ld-linux.so.2 (0xb8020000)
libz.so.1 => /lib/libz.so.1 (0xb7b70000)
Created attachment 252566 [details]
ldap.conf config file
Hm, this sounds a bit like a duplicate of bug#429064. To verify that, could you please add the line "nss_paged_results no" to your /etc/ldap.conf? If it works after that we can be sure that it is the same issue as bug#429064. With the line "nss_paged_results no" it's working correctly. Great, thanks for testing that. I'll mark this bug as a duplicated of bug#429064. Please use "nss_paged_results no" as a workaround for now. A real fix will be released with openSUSE 11.1. *** This bug has been marked as a duplicate of bug 429064 *** |
When using the pre-compiled version of nss_ldap (installed by yast), the system hang-up, if any group name contains a Umlaut ("Domänen-Admins"). Accounts without group names with Umlaut are displayed. I used "id" for testing, here are the last lines from strace: -------------- poll([{fd=5, events=POLLIN|POLLPRI|POLLERR|POLLHUP, revents=POLLIN}], 1, -1) = 1 read(5, "0\204\0\0\0A\2\1", 8) = 8 read(5, "\2e\204\0\0\0\7\n\1\0\4\0\4\0\240\204\0\0\0+0\204\0\0\0%\4\0261.2."..., 63) = 63 time(NULL) = 1226580715 poll(^C <unfinished ...> ------------- Next I installed the corrrespondig source RPM, applied the 2 patches, compiled (with --enable-rfc2307bis) and all is working correctly, without any code modification. nss_ldap Version 260 Release 22.1