
Re: broken libnss-ldap



> Yesterday I've upgraded my pure64 box. One of the packages was
> libnss-ldap. After the upgrade and restart my login stopped working. The
> remote logins are still working fine, but the local logins are not. I am
> using centralised authentication with ldap. After removing the ldap
> related entries from the nsswitch.conf the local login accounts have
> started to work.
> 
> Has anyone else experienced similar issues, or is it just me? Shall I
> file a bug report?

Same problem here... login, gdm etc. go into a busy loop calling
futex(FUTEX_WAIT,...) with return value EAGAIN.

The reason seems to be the same as described in #306258: libnss-ldap
and libpam-ldap must be linked with the same kind of libldap (libldap
or libldap_r). On i386 this has been solved by rebuilding openldap2 to
provide only libldap_r in the libldap2 package. After that,
libpam-ldap has been recompiled to link with libldap_r, so everything
works again.

However, for amd64 it seems that libpam-ldap has been compiled with an
older libldap2 (probably because build dependencies weren't tight
enough):

  ~> dpkg -s libpam-ldap
  Package: libpam-ldap
  Version: 178-1
  Depends: libc6 (>= 2.3.2.ds1-4), libldap2 (>= 2.1.17-1), libpam0g (>= 0.76), debconf (>= 0.5)
  ~> ldd /lib/security/pam_ldap.so
          libldap.so.2 => /usr/lib/libldap.so.2 (0x00002aaaaabcd000)

  ~> dpkg -s libnss-ldap
  Package: libnss-ldap
  Version: 238-1
  Depends: libc6 (>= 2.3.2.ds1-4), libldap2 (>= 2.1.17-1), debconf
  ~> ldd /lib/libnss_ldap-2.3.2.so
          libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0x00002aaaaabde000)

In the comments to #306258 the maintainer mentions that he has linked
libnss-ldap explicitly to libldap_r for other reasons, which caused
the breakage. After noticing, he recompiled later against the new
libldap2.

BTW, Andrei, another alternative to fix logins is to turn off TLS and
use an ldap:// URI instead of ldaps://.

Roman
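
A check for the mismatch described in the message above, added here as an example and not part of the original post: it classifies which OpenLDAP client library each module's ldd listing names and flags a libldap/libldap_r split. The function names are this example's own; the two sample ldd lines are the ones posted above.

```shell
#!/bin/sh
# Classify which OpenLDAP client library an ldd listing pulls in.
# Reads ldd output on stdin; prints "libldap", "libldap_r", "both" or "none".
ldap_flavor() {
    awk '
        $1 ~ /^libldap_r\.so/           { r = 1 }  # thread-safe variant
        $1 ~ /^libldap(-[0-9.]+)?\.so/  { p = 1 }  # plain variant
        END {
            if (p && r)  print "both"
            else if (r)  print "libldap_r"
            else if (p)  print "libldap"
            else         print "none"
        }'
}

# Compare the flavors of two modules. Arguments are ldd listings passed as
# text, so the check also works on output saved from another machine.
# Returns 0 when the modules are consistent, 1 when they are mixed.
same_ldap_flavor() {
    a=$(printf '%s\n' "$1" | ldap_flavor)
    b=$(printf '%s\n' "$2" | ldap_flavor)
    # A module that links neither library cannot conflict with the other.
    if [ "$a" = none ] || [ "$b" = none ]; then
        return 0
    fi
    # "both" inside a single module is already a mix, so treat it as a failure.
    [ "$a" = "$b" ] && [ "$a" != both ]
}

# ldd lines as posted in the message above (amd64 box).
PAM_LDD='        libldap.so.2 => /usr/lib/libldap.so.2 (0x00002aaaaabcd000)'
NSS_LDD='        libldap_r.so.2 => /usr/lib/libldap_r.so.2 (0x00002aaaaabde000)'

# On a live system, feed real listings instead, e.g.:
#   same_ldap_flavor "$(ldd /lib/security/pam_ldap.so)" \
#                    "$(ldd /lib/libnss_ldap-2.3.2.so)"
if same_ldap_flavor "$PAM_LDD" "$NSS_LDD"; then
    echo "OK: both modules use the same libldap variant"
else
    echo "MISMATCH: pam_ldap -> $(printf '%s\n' "$PAM_LDD" | ldap_flavor)," \
         "nss_ldap -> $(printf '%s\n' "$NSS_LDD" | ldap_flavor)"
fi
```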


