Package: libnss-ldapd Version: 0.6.8 With 0.6.7 if I have "tls_reqcert never" in /etc/ldap/ldap.conf then nslcd can connect to my ldap servers (which unfortunately have certificate problems and are outside of my administrative control) and things work quite happily. The switch to 0.6.8 broke this capability (almost surely the "clean the environment and set LDAPNOINIT" change is responsible), even when I put "tls_reqcert never" in my /etc/nss-ldapd.conf, which notably hasn't been well tested according to the warning messages.
Without "tls_reqcert never" in /etc/nss-ldapd.conf I just got this: Mar 28 03:39:41 deadhour nslcd[11653]: [6c6125] failed to bind to LDAP server ldaps://id.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:41 deadhour nslcd[11653]: [6c6125] failed to bind to LDAP server ldaps://id3.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:41 deadhour nslcd[11653]: [8c895d] failed to bind to LDAP server ldaps://id3.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:41 deadhour nslcd[11653]: [8c895d] failed to bind to LDAP server ldaps://id4.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:41 deadhour nslcd[11653]: [8c895d] no available LDAP server found, sleeping 1 seconds Mar 28 03:39:41 deadhour nslcd[11653]: [6c6125] failed to bind to LDAP server ldaps://id4.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:41 deadhour nslcd[11653]: [6c6125] no available LDAP server found, sleeping 1 seconds Mar 28 03:39:42 deadhour nslcd[11653]: [8c895d] failed to bind to LDAP server ldaps://id1.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:42 deadhour nslcd[11653]: [6c6125] failed to bind to LDAP server ldaps://id1.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:42 deadhour nslcd[11653]: [8c895d] failed to bind to LDAP server ldaps://id2.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:42 deadhour nslcd[11653]: [8c895d] no available LDAP server found, sleeping 1 seconds Mar 28 03:39:42 deadhour nslcd[11653]: [6c6125] failed to bind to LDAP server ldaps://id2.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:39:42 deadhour nslcd[11653]: [6c6125] no available LDAP server found, sleeping 1 seconds Mar 28 03:39:43 deadhour nslcd[11653]: [8c895d] no available LDAP server found Mar 28 03:39:43 deadhour nslcd[11653]: [6c6125] no available LDAP server found While I'm not surprised it couldn't establish the connection due to not being able to verify the certs, the error message could stand to be more informative. After adding "tls_reqcert never" to /etc/nss-ldapd.conf the messages changed slightly to: Mar 28 03:41:02 deadhour nslcd[7158]: [8b4567] failed to bind to LDAP server ldaps://id.sea/: Can't contact LDAP server: No such file or directory Mar 28 03:41:02 deadhour nslcd[7158]: [8b4567] failed to bind to LDAP server ldaps://id3.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:41:02 deadhour nslcd[7158]: [8b4567] failed to bind to LDAP server ldaps://id4.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:41:02 deadhour nslcd[7158]: [8b4567] failed to bind to LDAP server ldaps://id1.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:41:02 deadhour nslcd[7158]: [8b4567] failed to bind to LDAP server ldaps://id2.sea/: Can't contact LDAP server: Operation now in progress Mar 28 03:41:02 deadhour nslcd[7158]: [8b4567] no available LDAP server found, sleeping 1 seconds Mar 28 03:41:03 deadhour nslcd[7158]: [8b4567] no available LDAP server found Downgrading to 0.6.7 restores normal operation and things work smoothly. -- Jamie Heilman http://audible.transient.net/~jamie/ "Most people wouldn't know music if it came up and bit them on the ass." -Frank Zappa -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org