On Fri, 23 Jan 2009, Olf Epler wrote:
Hello Jon,
if I start my ldap server in debug mode I can see
that it answers on port 389 and also - the other case -
on port 636.
There is nothing wrong in the debug output from the server.
On the other hand I found that a downgrade to nss_ldap-253-5
should solve the problem. This is also not true or only a
part of the game.
In the case I try to log in on console (ldaps configured)
I get as root:
pam_unix(login:session): session opened for user root
ROOT LOGIN ON tty1
pam_unix(login:session): session closed for user root
and for other users:
pam_console(login:session): handler '/sbin/pam_console_apply'
caught a signal 13
This is already posted on many sites.
So I believe this is not a configuration problem, this is a
bug in the nss/pam version that is used in SL-5.2.
Certainly almost all the problems which were reported look like they were
caused/triggered by the newer nss_ldap update, so you might want to check
the list archives in case any of the earlier messages show up config
changes that might help fix the problem. At least a couple of people
reported configs which (with ldaps/starttls) worked for them with the
newer nss_ldap version.
The other errors sound a _bit_ like the problems with uid/gid lookups for
processes (like udev/hald) which are started before ldap is available (and
needed something adding to an exclusion list). Again there were several
earlier messages mentioning things to check/add.
My next step is a full nss/pam downgrade to the SL-5.1 versions.
Regards, Olf
-- Jon