[Bug 1418265] Re: Memory leak when using pam_ldap in long running processes
The aptitude output shows that the bug is in libpam-ldap, not in libpam- ldapd (part of nss-pam-ldapd). ** Package changed: nss-pam-ldapd (Ubuntu) = libpam-ldap (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libpam-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1418265 Title: Memory leak when using pam_ldap in long running processes To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libpam-ldap/+bug/1418265/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1090554] Re: id segfaults when looking up user information
The described bug is in the libnss-ldap package which is not related to nss-pam-ldapd. You do not need nslcd if you are using libnss-ldap and libpam-ldap. It is not used at all. If you want to use nslcd, you should be using libnss-ldapd and libpam-ldapd instead. The warning message with the undefined symbol is because on start-up nslcd tries to load the libnss-ldapd NSS module to try to disable it within nslcd to avoid lookup loops. This message indicates that the mechanism to disable these lookups was not found. It probably means that libnss-ldap is installed instead of libnss-ldapd (or a version older than 0.7.7). ** Package changed: nss-pam-ldapd (Ubuntu) = libnss-ldap (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/1090554 Title: id segfaults when looking up user information To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1090554/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
craig-white@139 Please file a bug against nslcd to track the problem with pam_authz_search. Also, in general, bug reports for any missing features are welcome. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
You can replace pam_check_host_attr yes with pam_authz_search ((objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*))) See the nslcd.conf manual page for more details (the 0.7 series doesn't have the fqdn value yet). Btw, you can use libpam-ldap fine together with libnss-ldapd if you prefer. Also note that nslcd is no replacement for nscd. nslcd doesn't do much caching and nscd (or unscd) can still be used to reduce the load on your LDAP server. The only real things that are missing in nss-pam-ldapd are nested groups and LDAP password policies. Patches are welcome ;) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
If you are seeing something like: Warning: /lib/x86_64-linux-gnu/libnss_ldap.so.2: undefined symbol: _nss_ldap_enablelookups (probably older NSS module loaded) It means that you probably have libnss-ldap installed instead of libnss-ldapd (note the extra d). Using nslcd works best with libnss-ldapd and libpam-ldapd. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
It is probably best to migrate to either nss-pam-ldapd, sssd or nss-pam- ldapd in combination with the nssov slapd overlay. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in Ubuntu. https://bugs.launchpad.net/bugs/423252 Title: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu-release-notes/+bug/423252/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo
Regarding the pam_check_host_attr and pam_check_service_attr options of pam_ldap, nslcd has a pam_authz_search option that can replace functionality of those options (and much more). This option has been in nss-pam-ldapd since version 0.7.4. Any other feature requests (and bug reports) are very much welcome on the nss-pam-ldapd-users mailing list. Regarding the previous comment, could you file a bug report on the nss- pam-ldapd package if you think the problem is there? From the log it shows that only three lookups for the user user333 came in. No authentication requests were done for that user (at least not through nslcd). -- NSS using LDAP+SSL breaks setuid applications like su and sudo https://bugs.launchpad.net/bugs/423252 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 237115] Re: nscd: nss_ldap: server is unavailable
** Changed in: ubuntu Sourcepackagename: libnss-ldap = None -- nscd: nss_ldap: server is unavailable https://bugs.launchpad.net/bugs/237115 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs