Re: [Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-09-24 Thread Nathan Stratton Treadway
On Wed, Sep 22, 2010 at 22:26:31 -, greenmoss wrote: My bug 509734 was marked as a duplicate of this one. This was a special case using the atd job scheduler. At jobs launched by ldap users worked, but at jobs launched by root did *not* work. atd was doing a group lookup, and nss was

Re: [Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-09-24 Thread Nathan Stratton Treadway
On Fri, Sep 24, 2010 at 16:46:25 -, Nathan Stratton Treadway wrote: As greenmoss found, when I was running with libpam/nss-ldap and no nscd (and didn't have any of the users in question listed in the ignoreusers line), my at commands worked for LDAP users but not for ones defined in

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-09-22 Thread greenmoss
My bug 509734 was marked as a duplicate of this one. This was a special case using the atd job scheduler. At jobs launched by ldap users worked, but at jobs launched by root did *not* work. atd was doing a group lookup, and nss was dropping privileges, thus breaking root-launched at jobs. To work

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-09-13 Thread skulda
We had the same problem over here - upgrading from Debian Lenny to Testing... The problem is caused by a change in the configuration files, which have apparently changed in the different versions of openldap. Reinstall ldap to get the original configuration files. /etc/ldap.conf seems to be the

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-08-28 Thread Arthur de Jong
Regarding the pam_check_host_attr and pam_check_service_attr options of pam_ldap, nslcd has a pam_authz_search option that can replace functionality of those options (and much more). This option has been in nss-pam-ldapd since version 0.7.4. Any other feature requests (and bug reports) are very

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-08-19 Thread bl8n8r
nslcd is a fail on lucid for me. Trying to start from upstart fails. Running it by hand in debug mode works but when trying to su from one LDAP user to another it again fails: # service nslcd start * Starting LDAP connection daemon nslcd nslcd: unable to daemonize: No such device

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-08-06 Thread Luis Mondesi
same here (like comment #92). I can su to any local user not just root. Trying to su to any LDAP user results in 'su[***]: initgroups failed for user `atest': Operation not permitted' -- NSS using LDAP+SSL breaks setuid applications like su and sudo https://bugs.launchpad.net/bugs/423252 You

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-07-22 Thread James Andrewartha
Googlebait: This also breaks apache2 suexec, as initgroups() fails, resulting in the error failed to setgid.

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-07-07 Thread Michael Kiefer
I have the same symptoms on Lucid: With nscd I can at least su to root but not to any other LDAP user

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-05-07 Thread Lawren Quigley-Jones
My experience with libnss-ldap is that nscd allows sudo but not su. Also the GUI authentication doesn't work. I just got around to testing libnss-ldapd and I can verify that both sudo and su work there. Ubuntu's gui authentication process does not work though. When you try to perform a

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-05-07 Thread Lawren Quigley-Jones
I'm sorry, my previous comment didn't hold up to scrutiny. A reboot seems to have gotten rid of those errors. The GUI authentication dialogue is asking for the root password rather than the password of the logged in user. Does anyone know if this is the intended behavior?

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-05-05 Thread Jeffrey Kois
Also confirming that installing nscd was successful as a workaround for me. Also worth noting that my symptoms of this issue matched those explained above. This is on a fresh 10.04 install.

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-05-03 Thread Hark
For me both workarounds in the release notes aren't very usable, unfortunately. I can't use libnss-ldapd as the pam_check_host_attr and pam_check_service_attr options in libnss-ldap are essential for me, but as Ian Gordon wrote libnss-ldapd doesn't support these. The other solution (nscd) is

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-05-01 Thread Brian Murray
** Tags added: patch

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-30 Thread Ian Gordon
This bug also affects new installations. Installing nscd does not fully fix the problem as it leaves su unable to su from an ldap user to another ldap user and a local user unable to su to an ldap user. Error is setgid: Operation not permitted libpam-ldapd/libnss-ldapd does not support all the

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-30 Thread Howard Chu
That's unfortunate, I didn't realize libpam-ldapd was so incomplete. You can still use nssov for full pam support. Your best option for an immediate fix is still the libgcrypt patch I posted. Without that basically all Karmic and Lucid nss-ldap+SSL installations are dead in the water. As a longer

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-30 Thread Rune Philosof
Could you provide a link to explanation of what nssov is and maybe how to use it?

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-30 Thread Howard Chu
http://www.openldap.org/devel/cvsweb.cgi/~checkout~/contrib/slapd-modules/nssov/README?rev=1.11 It's an overlay for OpenLDAP slapd which implements all of the nss and pam calls, replacing Arthur deJong's nslcd.

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-29 Thread Loïc Minier
Updated text with: == NSS resolution breaks with LDAP over SSL in Ubuntu Server == Upgrading systems configured to use LDAP via SSL as the first service in the NSS stack (in /etc/nsswitch.conf) leads to broken NSS resolution afterwards such that `setuid` applications like `sudo` would stop

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-29 Thread Rune Philosof
This bug was introduced in karmic, so upgrade from karmic to lucid shouldn't be affected. But for instance all upgrades from last LTS release (not only Ubuntu Server) will get affected. ** Changed in: ubuntu-release-notes Status: Fix Released => Confirmed

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-29 Thread Steve Langasek
I don't see that this requires any changes to the release notes text, though. ** Changed in: ubuntu-release-notes Status: Confirmed => Fix Released

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-29 Thread Ansgar Burchardt
** Bug watch added: Debian Bug tracker #566351 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566351 ** Also affects: libgcrypt11 (Debian) via http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=566351 Importance: Unknown Status: Unknown

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-29 Thread Bug Watch Updater
** Changed in: libgcrypt11 (Debian) Status: Unknown => Confirmed

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-28 Thread Loïc Minier
Added this text to the release notes: == NSS resolution breaks with LDAP over SSL in Ubuntu Server == Upgrading systems configured to use LDAP via SSL as the first service in the NSS stack (in /etc/nsswitch.conf) leads to broken NSS resolution afterwards such that applications like sudo would

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-28 Thread Mathias Gug
Please use the Release note from the description instead of the one in comment 66. ** Changed in: ubuntu-release-notes Status: Fix Released => Confirmed

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-27 Thread Mathias Gug
** Summary changed: - NSS using LDAP on Karmic breaks 'su' and 'sudo' + NSS using LDAP+SSL breaks setuid applications like su and sudo

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-27 Thread Mathias Gug
** Description changed: On Karmic (alpha 4 plus updates), changing the nsswitch.conf 'passwd' field to anything with 'ldap' as the first item breaks the ability to become root using 'su' and 'sudo' as anyone but root. Default nsswitch.conf: passwd: compat group:

[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su and sudo

2010-04-27 Thread wire_transfer
The nscd workaround does work for me under Lucid. I haven't had a problem using nscd under 9.10 either, though my systems have very light traffic.