i use the nss and pam stub libraries from nss-pam-ldapd [no nslcd] with nssov. i've just upgraded nss-pam-ldapd from 0.8.13 to 0.9.4. at the moment, i'm using openldap version 2.4.31. after upgrading nss-pam-ldapd, nss and pam stopped working with ldap, and i see this in slapd's debug log:
54acaf72 daemon: activity on 1 descriptor
54acaf72 daemon: activity on:54acaf72 13r54acaf72
54acaf72 daemon: read active on 13
54acaf72 daemon: epoll: listen=7 active_threads=0 tvp=NULL
54acaf72 daemon: epoll: listen=8 active_threads=0 tvp=NULL
54acaf72 connection_get(13)
54acaf72 connection_get(13): got connid=0
54acaf72 daemon: activity on 1 descriptor
54acaf72 daemon: activity on:54acaf72
54acaf72 daemon: epoll: listen=7 active_threads=0 tvp=NULL
54acaf72 daemon: epoll: listen=8 active_threads=0 tvp=NULL
54acaf72 nssov: connection from uid=0 gid=0
54acaf72 nssov: wrong nslcd version id (33554432)
how can i find out what nslcd version id is required, and what version is present in each of the components?
thanks
-ben
Hi,
On Tue, Jan 06, 2015 at 11:11:03PM -0500, btb@bitrate.net wrote:
i use the nss and pam stub libraries from nss-pam-ldapd [no nslcd] with nssov. i've just upgraded nss-pam-ldapd from 0.8.13 to 0.9.4.
The nslcd protocol changed from 0.8.x to 0.9.x. I'm working on a patch (nss done, pam still WIP) and hope to send it to the ITS soon.
If you'd like to help, I'd be happy to post my WIP changes.
at the moment, i'm using openldap version 2.4.31.
On Ubuntu? Then please subscribe to http://pad.lv/1393306 and mark it as affecting you. (And maybe http://pad.lv/1395098 while you're at it.)
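An added example, not part of the thread or of either project's code: decoding the "wrong nslcd version id (33554432)" value from the log above. It assumes that an nslcd request starts with a 32-bit protocol version followed by a 32-bit action, that 0.9.x clients send protocol version 2 in network byte order, and that the unpatched nssov reads integers in host byte order on a little-endian machine. The function names and SAMPLE_ACTION are hypothetical.

```python
import struct

SAMPLE_ACTION = 0          # constructed placeholder, not a real nslcd action code
KNOWN_VERSIONS = (1, 2)    # assumed: 0.8.x speaks version 1, 0.9.x speaks version 2


def request_header(version, action, byteorder):
    """Build the first 8 bytes of a request as a client would send them."""
    fmt = ">ii" if byteorder == "big" else "<ii"
    return struct.pack(fmt, version, action)


def version_as_read(header, byteorder):
    """Return the version id a server sees when it reads in `byteorder`."""
    fmt = ">i" if byteorder == "big" else "<i"
    return struct.unpack(fmt, header[:4])[0]


def diagnose(logged_id):
    """Map a logged version id to (protocol_version, byte_swapped), or None."""
    if logged_id in KNOWN_VERSIONS:
        return (logged_id, False)
    # Reinterpret the same four bytes in the opposite byte order.
    raw = logged_id.to_bytes(4, "little", signed=True)
    swapped = int.from_bytes(raw, "big", signed=True)
    if swapped in KNOWN_VERSIONS:
        return (swapped, True)
    return None


if __name__ == "__main__":
    # A 0.9.x stub library talking to a server that still expects version 1.
    wire = request_header(2, SAMPLE_ACTION, "big")
    seen = version_as_read(wire, "little")
    print("bytes on the wire :", wire[:4].hex())
    print("server logs       :", seen, hex(seen))
    print("diagnosis         :", diagnose(33554432))
```

33554432 is 0x02000000, so under these assumptions the logged id is protocol version 2 read with the opposite byte order, which matches a 0.9.x client talking to an nssov built for the 0.8.x protocol.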
On 2015.01.06 23.54, Ryan Tandy wrote:
Hi,
On Tue, Jan 06, 2015 at 11:11:03PM -0500, btb@bitrate.net wrote:
i use the nss and pam stub libraries from nss-pam-ldapd [no nslcd] with nssov. i've just upgraded nss-pam-ldapd from 0.8.13 to 0.9.4.
The nslcd protocol changed from 0.8.x to 0.9.x. I'm working on a patch (nss done, pam still WIP) and hope to send it to the ITS soon.
If you'd like to help, I'd be happy to post my WIP changes.
thanks, yes, i'd be interested.
at the moment, i'm using openldap version 2.4.31.
On Ubuntu? Then please subscribe to http://pad.lv/1393306 and mark it as affecting you. (And maybe http://pad.lv/1395098 while you're at it.)
yes, ubuntu, thanks. i've marked both. i'm glad to see i'm not the only one who thinks it's time to upgrade that package.
-ben
On Wed, Jan 07, 2015 at 08:26:12AM -0500, btb wrote:
On 2015.01.06 23.54, Ryan Tandy wrote:
The nslcd protocol changed from 0.8.x to 0.9.x. I'm working on a patch (nss done, pam still WIP) and hope to send it to the ITS soon.
If you'd like to help, I'd be happy to post my WIP changes.
thanks, yes, i'd be interested.
ftp://ftp.openldap.org/incoming/20150107_rtandy_0001-update-nss-pam-ldapd-files-to-0.9.4.patch
ftp://ftp.openldap.org/incoming/20150107_rtandy_0002-WIP-update-nssov-for-nslcd-0.9.patch
On Jan 07, 2015, at 10.56, Ryan Tandy ryan@nardis.ca wrote:
On Wed, Jan 07, 2015 at 08:26:12AM -0500, btb wrote:
On 2015.01.06 23.54, Ryan Tandy wrote:
The nslcd protocol changed from 0.8.x to 0.9.x. I'm working on a patch (nss done, pam still WIP) and hope to send it to the ITS soon.
If you'd like to help, I'd be happy to post my WIP changes.
thanks, yes, i'd be interested.
ftp://ftp.openldap.org/incoming/20150107_rtandy_0001-update-nss-pam-ldapd-files-to-0.9.4.patch
ftp://ftp.openldap.org/incoming/20150107_rtandy_0002-WIP-update-nssov-for-nslcd-0.9.patch
thanks. a cursory test with those patches against the 2.4.40 source has nss working here as well. i noticed only the passwd, group, and ether files have been patched. do the files corresponding to the remaining nss databases need to be patched as well? i might be out of my depth as far as contributions to code go, but i'm happy to test if nothing else.
-ben
Hi btb, and anyone else interested,
It's been a while, but I finally dusted this off and had a go at getting the second half done. If you're able to bang on this a bit in a test environment and let me know about any bugs that fall out, I'd be grateful. Still going to do a bit of cleanup and more testing before I send it to the ITS.
ITS#8079 (already in RE24):
ftp://ftp.openldap.org/incoming/20150313_rtandy_nssov-fix-compare-for-usergroup.patch
ITS#8080 (under review, subject to change):
ftp://ftp.openldap.org/incoming/20150315_rtandy_nssov-require-old-password-unless-pwdmgr.patch
ftp://ftp.openldap.org/incoming/20150315_rtandy_nssov-only-allow-root-to-become-pwdmgr.patch
ftp://ftp.openldap.org/incoming/20150315_rtandy_nssov-allow-user-pwmod-without-pwdmgr-configured.patch
updates for nss-pam-ldapd 0.9.x:
ftp://ftp.openldap.org/incoming/20150317_rtandy_WIP_nssov-update-nss-pam-ldapd-files-to-0.9.4.patch
ftp://ftp.openldap.org/incoming/20150317_rtandy_WIP_nssov-update-to-protocol-version-2.patch
thanks, Ryan
openldap-technical@openldap.org