Is there a fix for this for 7.10? When the LDAP server is down, it hangs
on klog etc. I have bind_policy soft set and it still hangs. Adding
nss_initgroups_ignoreusers to my ldap.conf seems to be a workaround.
--
libnss-ldap: calls to initgroups() causes boot to hang when using 'bind_policy
** Changed in: libnss-ldap (Debian)
Status: Unknown = Fix Released
--
libnss-ldap: calls to initgroups() causes boot to hang when using 'bind_policy
hard'
https://bugs.launchpad.net/bugs/155947
You received this bug notification because you are a member of Ubuntu
Server Team, which is a
Howdy all-
An updated libnss-ldap package is available in the Hardy repos as of
yesterday, containing a fix for this problem.
We've tested it in our environments and it seems to solve the issue.
I'm curious if anyone else out there has tried it, and if problems
persist.
:-Dustin
--
Turns out the above doesn't work out too well, as the patch depends on
getpwnam_r(), a glibc function which then ends up using libnss-ldap.
Tried a few things, but it didn't help the hang.
A less intrusive patch will be to have an initscript run on shutdown
which edits /etc/ldap.conf based on the
This bug was fixed in the package libnss-ldap - 258-1ubuntu3
---
libnss-ldap (258-1ubuntu3) hardy; urgency=low
* add nssldap-update-ignoreusers that updates nss_initgroups_ignoreusers in
/etc/ldap.conf based on nss_initgroups_minimum_uid. Added initscript to
call
Updated the description and marked as triaged.
** Changed in: libnss-ldap (Ubuntu)
Status: Confirmed = Triaged
--
libnss-ldap: calls to initgroups() causes boot to hang when using 'bind_policy
hard'
https://bugs.launchpad.net/bugs/155947
You received this bug notification because you
How about a patch to libnss-ldap to respect an environment variable to
force soft binding? Something like 'if
(getenv(NSS_LDAP_BINDPOLICY_SOFT != 0 getuid() 100)) { /* force
soft bind regardless of ldap.conf */ }'
--
libnss-ldap: calls to initgroups() causes boot to hang when using
Discussion on irc and phone resulted in the following solution:
Add a new configuration option 'nss_initgroups_ignoreusers_below_uid'
(or similar) and have it default to '1000'. This option will be
configurable in /etc/ldap.conf. Admins can adjust this to be any valid
uid.
--
libnss-ldap:
Upstream started to consider this, and have a preliminary patch here:
http://bugzilla.padl.com/show_bug.cgi?id=341
--
libnss-ldap: calls to initgroups() causes boot to hang when using 'bind_policy
hard'
https://bugs.launchpad.net/bugs/155947
You received this bug notification because you are a