Hi Arthur,
I just upgraded one of our local systems to jessie and hit this bug.
This is the installed version of nslcd:
root@smithers:/etc# dpkg -s nslcd
Package: nslcd
Status: install ok installed
Priority: extra
Section: admin
Installed-Size: 423
Maintainer: Arthur de Jong <adej...@debian.org>
Architecture: amd64
Multi-Arch: foreign
Source: nss-pam-ldapd
Version: 0.9.4-3
Replaces: libnss-ldapd (<< 0.7.0), nslcd-2
Provides: nslcd-2
[...]
Unfortunately, we are using group membership to restrict access to a
number of services on that machine (namely the ability to control the
KVM virtual machines).
I applied this work around:
If you are not using the member attribute in group searches you could
set
map group member ""
as a workaround in nslcd.conf to disable member attribute expansion
altogether.
However, this way all LDAP groups are now empty. The groups are still
reported via getent group, but they don't have any members:
root@smithers:~# getent group|grep smithers
login.servers.smithers.login:*:10503:
torsten@horatio:~$ getent group|grep smithers
login.servers.smithers.login:*:10503:martin.muster,first.surname,torsten.landschoff,...
Any hint how this can be fixed? I'd be up to patch the source and build
a new package for our local systems.
Greetings, Torsten
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
