Package: nslcd
Version: 0.7.3
Severity: important

On my Lenny boxes I have rolled out a sitewide configuration to try

ldap://127.0.0.1 ldap://ldap1.domain.com ldap://ldap2.domain.com

as servers, to facilitate the use of a local LDAP slave on several boxes
while still providing a backup to the central servers. Systems without a
local slave could not connect to 127.0.0.1, issued a warning in the log
and used the central servers in the future.

This does not work with Squeeze anymore. I can successfully do things
like getent(1) or id(1) on the central servers, but I cannot log in. As
one can see in the debug log, it never tries the next server when the
ldap_simple_bind_s() call fails.

r...@devel:~# nslcd -d
nslcd: DEBUG: add_uri(ldap://127.0.0.1/)
nslcd: DEBUG: add_uri(ldap://ldap1.domain.com/)
nslcd: DEBUG: add_uri(ldap://ldap2.domain.com/)
nslcd: version 0.7.3 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(105) done
nslcd: DEBUG: setuid(103) done
nslcd: accepting connections


nslcd: [8b4567] DEBUG: connection from pid=6629 uid=0 gid=0
nslcd: [8b4567] DEBUG: nslcd_passwd_byname(username)
nslcd: [8b4567] DEBUG: myldap_search(base="dc=domain,dc=com", filter="(&(objectClass=posixAccount)(uid=username))")
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://127.0.0.1/")
nslcd: [8b4567] failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server: Transport endpoint is not connected
nslcd: [8b4567] DEBUG: ldap_initialize(ldap://ldap1.domain.com/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://ldap1.domain.com/")
nslcd: [8b4567] connected to LDAP server ldap://ldap1.domain.com/
nslcd: [8b4567] DEBUG: ldap_result(): end of results


nslcd: [7b23c6] DEBUG: connection from pid=6629 uid=0 gid=0
nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(username)
nslcd: [7b23c6] DEBUG: myldap_search(base="dc=domain,dc=com", filter="(&(objectClass=posixAccount)(uid=username))")
nslcd: [7b23c6] DEBUG: ldap_initialize(ldap://ldap1.domain.com/)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://ldap1.domain.com/")
nslcd: [7b23c6] connected to LDAP server ldap://ldap1.domain.com/
nslcd: [7b23c6] DEBUG: ldap_result(): end of results
nslcd: [3c9869] DEBUG: connection from pid=6629 uid=0 gid=0
nslcd: [3c9869] DEBUG: nslcd_shadow_byname(username)
nslcd: [3c9869] DEBUG: myldap_search(base="dc=domain,dc=com", filter="(&(objectClass=shadowAccount)(uid=username))")
nslcd: [3c9869] DEBUG: ldap_initialize(ldap://ldap1.domain.com/)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://ldap1.domain.com/")
nslcd: [3c9869] connected to LDAP server ldap://ldap1.domain.com/
nslcd: [3c9869] DEBUG: ldap_result(): end of results
nslcd: [334873] DEBUG: connection from pid=6629 uid=0 gid=0
nslcd: [334873] DEBUG: nslcd_pam_authc("username","","sshd","***")
nslcd: [334873] DEBUG: myldap_search(base="dc=domain,dc=com", filter="(&(objectClass=posixAccount)(uid=username))")
nslcd: [334873] DEBUG: ldap_initialize(ldap://ldap1.domain.com/)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://ldap1.domain.com/")
nslcd: [334873] connected to LDAP server ldap://ldap1.domain.com/
nslcd: [334873] DEBUG: ldap_initialize(ldap://127.0.0.1/)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_simple_bind_s("uid=username,ou=people,dc=domain,dc=com","***") (uri="ldap://127.0.0.1/")
nslcd: [334873] failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server: Transport endpoint is not connected


Removing the 127.0.0.1 entry from ldap-uris fixes the problem, but makes
my life more complicated on provisioning. And what if the first server
exists but is just down/unreachable at the moment?

-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nslcd depends on:
ii  adduser                3.112             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.30            Debian configuration management sy
ii  libc6                  2.10.2-6          Embedded GNU C Library: Shared lib
ii  libgssapi-krb5-2       1.8+dfsg~alpha1-7 MIT Kerberos runtime libraries - k
ii  libldap-2.4-2          2.4.17-2.1        OpenLDAP libraries

Versions of packages nslcd recommends:
ii  libnss-ldapd                  0.7.3      NSS module for using LDAP as a nam
ii  libpam-ldapd                  0.7.3      PAM module for using LDAP as an au
pn  nscd                          <none>     (no description available)

nslcd suggests no packages.

-- debconf information:
  nslcd/ldap-bindpw: (password omitted)
* nslcd/ldap-starttls: false
* nslcd/ldap-base: dc=domain,dc=com
  nslcd/ldap-reqcert:
* nslcd/ldap-uris: ldap://127.0.0.1/ ldap://ldap1.domain.com/ ldap://ldap2.domain.com/
* nslcd/ldap-binddn:
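
Added example, not part of the original report and not nslcd code: a log check that flags requests whose final bind failed while configured URIs were left untried, which is the pattern request 334873 shows above. The sample log is constructed by condensing the debug output in this report (wrapped lines joined); the function and field names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample, condensed from the `nslcd -d` output format in the report.
SAMPLE_LOG = """\
nslcd: DEBUG: add_uri(ldap://127.0.0.1/)
nslcd: DEBUG: add_uri(ldap://ldap1.domain.com/)
nslcd: DEBUG: add_uri(ldap://ldap2.domain.com/)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://127.0.0.1/")
nslcd: [8b4567] failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server: Transport endpoint is not connected
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://ldap1.domain.com/")
nslcd: [8b4567] connected to LDAP server ldap://ldap1.domain.com/
nslcd: [334873] DEBUG: nslcd_pam_authc("username","","sshd","***")
nslcd: [334873] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldap://ldap1.domain.com/")
nslcd: [334873] connected to LDAP server ldap://ldap1.domain.com/
nslcd: [334873] DEBUG: ldap_simple_bind_s("uid=username,ou=people,dc=domain,dc=com","***") (uri="ldap://127.0.0.1/")
nslcd: [334873] failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server: Transport endpoint is not connected
"""

URI_RE = re.compile(r"add_uri\((\S+)\)")
BIND_RE = re.compile(r'\[(\w+)\] DEBUG: ldap_simple_bind_s\((NULL|"[^"]*"),.*?\(uri="([^"]+)"')
RESULT_RE = re.compile(r"\[(\w+)\] (connected to|failed to bind to) LDAP server")

def find_missing_failover(log_text):
    """Return (request, bind DN) pairs whose last bind failed with URIs still untried."""
    configured = []                 # URIs announced by add_uri() at startup
    attempts = defaultdict(list)    # (request id, bind DN) -> URIs tried, in order
    outcome = {}                    # (request id, bind DN) -> True if last bind connected
    current = {}                    # request id -> key of the bind awaiting a result
    for line in log_text.splitlines():
        if m := URI_RE.search(line):
            configured.append(m.group(1))
        elif m := BIND_RE.search(line):
            rid, dn, uri = m.groups()
            current[rid] = (rid, dn.strip('"'))   # "NULL" means anonymous bind
            attempts[current[rid]].append(uri)
        elif (m := RESULT_RE.search(line)) and m.group(1) in current:
            outcome[current[m.group(1)]] = m.group(2) == "connected to"
    findings = []
    for key, connected in outcome.items():
        untried = [u for u in configured if u not in attempts[key]]
        if not connected and untried:
            findings.append({"request": key[0], "bind_dn": key[1],
                             "tried": attempts[key], "untried": untried})
    return findings

if __name__ == "__main__":
    for finding in find_missing_failover(SAMPLE_LOG):
        print(finding)
```

The anonymous bind in request 8b4567 is not flagged because it falls through to ldap1 and connects; only the user bind in 334873, which stops after 127.0.0.1, is reported.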


