Package: libnss-ldapd
Severity: serious
Version: 0.6.5

Hi,

since we use libnss-ldapd we have a problem that is quite serious for us, as it effectively affects login and group ACLs. However, we couldn't yet track down this issue to a specific component, therefore we didn't report it yet.

The setup:
Our setup is a mixed Windows/Linux environment with an LDAP server for central authentication. Linux clients use libnss-ldapd for resolution of usernames and groups.

The problem:
After a reboot of the Linux clients they are unable to resolve groups and sometimes are also unable to resolve users. The result is that files are owned by [nobody]:nogroup, while getent passwd and getent group show the right result. In consequence people are unable to properly log in (because desktop environments need read permissions on their settings ;) and user permissions are broken. After 10-30 minutes of running, the problem disappears.

This makes me think that some timeout occurs, but I can't tell which. I thought it's probably somehow related to the udev resolution issues that are handled differently in libnss-ldapd from libnss-ldap, which produces a significant delay when booting because groups can't be resolved while ldap is accessible, which is handled gracefully by libnss-ldapd. Maybe you gather invalid results while booting, because LDAP is not accessible. But I don't see why nslcd should cache these results, so I think my idea is absurd.

The problem is reproducible with or without nscd running, so the problem is not related to it. The problem seems not to be related to the groups which contain spaces, except that it spams the log secondly with error messages unless my patch is applied. The problem does not occur with libnss-ldap, so the problem is specific to libnss-ldapd.

I've chosen severity serious for this issue because on the one hand the problem would fit severity 'Critical', because it "makes unrelated software on the system (or the whole system) break", but then again I felt uncomfortable with it, because the problem does not persist over the uptime of the system and after 10-30 minutes the problem disappears. But I think it should definitely be fixed for lenny.

Best Regards,
Patrick

