On 04/15/2009 01:33 AM, Konrad Heuer wrote:
> I see a problem on two systems running FreeBSD 7.0 or 7.1 which are
> configured as OpenLDAP clients using the nss_ldap module.
> When someone logs on using ssh protocol version 2 the session will not
> be initialized correctly. The user will only get his primary group
> affiliation but no affiliation to other groups (memberUid attribute in
> LDAP group entries).
> On 7.1 the ssh login process hangs forever with open ldap queries, on
> 7.0 the group list is incomplete. On several 6.x systems, all works
> correctly.
> I have used the configuration for years now.
> There are some workarounds I found:
> a) use ssh protocol version 1
> b) set UseLogin to yes in sshd_config
> c) avoid ssl encryption in communication to ldap server
>    (ldap://... uri instead of ldaps://... in ldap.conf)
> Does anybody see similar problems? Does anybody have an idea what may
> cause the problem?

I recently submitted ports/133501 regarding this issue, but I have not
yet received a response.

My workaround was to disable pthread_atfork support, so the problem
might be related to the change from libkse to libthr in RELENG_7.

Benjamin Lee

