Serious LDAP Authentication Issues[Scanned]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi guys,
I posted a while back about an LDAP authentication error I am getting, now I've since found a work around but its messy to say the least. I'm hoping this will catch one of the developers attention.
If I configure LDAP authentication to my Windows Server 2003 Domain via Services For Unix 3.5, the majority of my users cannot log into the system, there is an error like this that flashes up:
login:../../../libraries/liblber/sockbuf.c:89: ber_sockbuf_ctrl: Assertion ' ( (sb)->sb_opts.lbo_valid == 0x3)' failed 

If I run "id %username%" - ie "id chrisbradford" i get:
id: ../../../libraries/liblber/sockbuf.c:89: ber_sockbuf_ctrl: Assertion `( (sb)->sb_opts.lbo_valid == 0x3 )' failed. 
uid=10010(chrisbradford) gid=10000(LinuxUsers)Aborted
So this appears to be a problem when obtaining the secondary group information as submitted in this bugzilla report: 

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=187448
Now, what I've noticed is that this seems to be a problem with the newer nss_ldap libraries (ie 249 & 250), I say this because FC4 *does not* have these problems, and neither does Ubuntu 5.05/6.06 (which uses libnss-ldap 238) The latest version of OpenSuse *is* however affected by this issue and it has a more recent version of nss-ldap
The workaround under FC5 is to install BerkelyDB, OpenLDAP and then nss_ldap-250. The catch is that the ldap libraries only work for a short while before these problems arise again, thus they have to be re-installed via a cron job *every hour*. This is madness! The setup of all this adds around 2 hours to a basic install.
Has anyone else experienced these issues, and if so have you found a more permanent solution, and one that does not take so long? I'm determined after getting a fix going that I would help get this fixed. I imagine its a pretty serious issue, as an enterprise of around 500 workstations we're keen to use Linux, and I'm keen to push FC5, but this is hindering our roll-outs. 

Many thanks,

Chris Bradford




This message has been scanned for viruses by BlackSpider MailControl - www.blackspider.com

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux