Howard Wilkinson <howard@xxxxxxxxxxx> writes:

>>> Enrico, could you expand on the issues you see with nss_ldap under
>>> Fedora.
>
> can you point me at the bugzilla reports please. I have been following
> the ones on pdal but if there is another source I would like to see it

https://bugzilla.redhat.com/buglist.cgi?component_text=nss_ldap

> Do the problems you see occur when using kerberos to authenticate to
> the ldap server? Or are they in another path? You may need to set
> "bind_policy soft" to get rid of the hangs.

No kerberos (at least not for LDAP bind), only a single LDAP server, no
SSL/TLS. 'koji list-api' gets stuck at

| open("/etc/passwd", O_RDONLY|0x80000 /* O_??? */) = 5
| fstat(5, {st_mode=S_IFREG|0644, st_size=2693, ...}) = 0
| mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fb3c3218000
| read(5, "root:x:0:0:root...
| read(5, "", 4096) = 0
| close(5) = 0
| munmap(0x7fb3c3218000, 4096) = 0
| futex(0x7fb3bb1bee00, FUTEX_WAIT_PRIVATE, 2, NULL

This futex address is used here the first and only time; there are no
children or threads which could issue a WAKE. nsswitch.conf contains 'ldap'
entries for 'passwd' and 'group' only (not for 'shadow' or 'hosts').

The bash lockups are not 100% reproducible, but bash hangs in such a
futex() call too. There is a connection to the ldap server in CLOSE_WAIT
state and a unix socket (connection to a dead nscd?) in this situation.

> Things that need some attention in nss_ldap include the ability to
> fail over to a second ldap server, which may be your real problem.

$ sed '/^\(#.*\|\)$/d' /etc/ldap.conf
host ldap.bigo.ensc.de.
base dc=bigo,dc=ensc,dc=de
pam_min_uid 1000
nss_base_passwd ou=People,dc=bigo,dc=ensc,dc=de?one
nss_base_group ou=Group,dc=bigo,dc=ensc,dc=de?one
ssl no
pam_password md5

> Anyway, the version I run is 259 with my patches for the kerberos
> library included (see PDAL bugzilla 298) and I get occasional
> segfaults from nscd but otherwise it works nicely with kerberos
> keytabs and file based tickets. I have yet to test memory based
> tickets.

nss_ldap-259-3.fc9.x86_64

Enrico