Package: libpam-ldap
Version: 178-1sarge1
Severity: normal

Hello

I muß query two ldap serves for a new mail server. 

I set this for /etc/pam.d/pop:
  auth    sufficient    pam_ldap.so config=/etc/pam_ldap_1.conf
  auth    required      pam_ldap.so config=/etc/pam_ldap_2.conf try_first_pass

  account sufficient    pam_ldap.so config=/etc/pam_ldap_1.conf
  account required      pam_ldap.so config=/etc/pam_ldap_2.conf try_first_pass

and this don't work. 

If I use only one ldap-server, it works. With both servers, only the first
server work.

I debug pam_ldap and found the Problem. 

In pam_ldap.c the funktion _pam_ldap_get_session (l:2630) check if the cache
has old cached informations. If the name of the config-name is changed
(l:2662), the user_info is released. This work fine, but after this, the
funktion go back without rereading the config (l:2672).

with this hacky-patch, i resolve the problem:
  |--- pam_ldap.c.old      2006-03-10 09:15:21.000000000 +0100
  |+++ pam_ldap.c  2006-03-10 09:15:41.000000000 +0100
  |@@ -2669,7 +2669,7 @@
  | #if LDAP_SET_REBIND_PROC_ARGS < 3
  |       global_session = *psession;
  | #endif
  |-      return PAM_SUCCESS;
  |+      // return PAM_SUCCESS;
  |     }
  |
  |   *psession = NULL;

But this is not a real solution. With this the cached data are never used und
maybe we have now some pointer problems or so.

Can you reproduce the bug? Can you make a real fix?

Thanks for your work

Gruss Grisu
-- 
Michael Bramer  -- http://www.feuerwehr.kreuzau.de/wiki/
PGP: finger [EMAIL PROTECTED]  -- Linux Sysadmin   -- Use Debian Linux
Jaja. Die Heisenbergsche Unschaerferelation soll nur die Rechenfehler
der Simulationshardware verdecken.
  -- [EMAIL PROTECTED] (Lutz Donnerhacke) ueber simulierte Realitaet


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Reply via email to