Package: libpam-ldap Version: 178-1sarge1 Severity: normal Hello
I muß query two ldap serves for a new mail server. I set this for /etc/pam.d/pop: auth sufficient pam_ldap.so config=/etc/pam_ldap_1.conf auth required pam_ldap.so config=/etc/pam_ldap_2.conf try_first_pass account sufficient pam_ldap.so config=/etc/pam_ldap_1.conf account required pam_ldap.so config=/etc/pam_ldap_2.conf try_first_pass and this don't work. If I use only one ldap-server, it works. With both servers, only the first server work. I debug pam_ldap and found the Problem. In pam_ldap.c the funktion _pam_ldap_get_session (l:2630) check if the cache has old cached informations. If the name of the config-name is changed (l:2662), the user_info is released. This work fine, but after this, the funktion go back without rereading the config (l:2672). with this hacky-patch, i resolve the problem: |--- pam_ldap.c.old 2006-03-10 09:15:21.000000000 +0100 |+++ pam_ldap.c 2006-03-10 09:15:41.000000000 +0100 |@@ -2669,7 +2669,7 @@ | #if LDAP_SET_REBIND_PROC_ARGS < 3 | global_session = *psession; | #endif |- return PAM_SUCCESS; |+ // return PAM_SUCCESS; | } | | *psession = NULL; But this is not a real solution. With this the cached data are never used und maybe we have now some pointer problems or so. Can you reproduce the bug? Can you make a real fix? Thanks for your work Gruss Grisu -- Michael Bramer -- http://www.feuerwehr.kreuzau.de/wiki/ PGP: finger [EMAIL PROTECTED] -- Linux Sysadmin -- Use Debian Linux Jaja. Die Heisenbergsche Unschaerferelation soll nur die Rechenfehler der Simulationshardware verdecken. -- [EMAIL PROTECTED] (Lutz Donnerhacke) ueber simulierte Realitaet -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

