On Wed, Feb 20, 2008 at 11:54:03AM -0800, Richard A Nelson wrote:
> Then, on the one system, only system users (not fully in LDAP) return
> that error - general user accounts (ie cowboy) work just fine.
>
The symptom that shows in id seems to depend on how many groups someone
is in. So its not terribly easy to test for on an arbitrary system. So I
wrote a different program to test for the bug. If it prints "getpwent()
errno = 2" after dumping the user/uid mapping then it hit the ENOENT error.
> Did this perchance start with the move to the newer libldap ?
>
I can reproduce it with:
libnss-ldap_251-7.5etch1 - libldap2_2.1.30.dfsg-13.5
libnss-ldap_258-1+b1 - libldap-2.4-2_2.4.7-5
libnss-ldap_259-1 - libldap-2.4-2_2.4.7-5
If you want me to run a test slapd server of a different version I can,
but that will take longer to setup. I
I've tested some other libnss modules and nss-ldap is the only one that
gives an ENOENT when it hits the end of the list.
--
Jon
"You're talking about a group of people who are paid large sums of money for
their ability to communicate with inanimate objects made of melted sand."
-NANOG
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>
int main(int argc, char **argv) {
errno = 0;
setpwent();
if( errno != 0 ) {
fprintf(stderr, "setpwent() errno = %d\n", errno);
}
for(;;) {
errno = 0;
struct passwd *ent = getpwent();
if( ent == NULL || errno != 0 ) {
fprintf(stderr, "getpwent() errno = %d\n", errno);
break;
}
printf("%s : %d\n", ent->pw_name, ent->pw_uid);
}
errno = 0;
endpwent();
if( errno != 0 ) {
fprintf(stderr, "endpwent() errno = %d\n", errno);
}
return 0;
}
