'Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       mandrake-cooker
Subject:    Re: [Cooker] Re: [CHRPM] nss_ldap-211-1mdk
From:       <bgmilne () cae ! co ! za>
Date:       2003-10-31 23:34:43
[Download RAW message or body]

> On 31-Oct-03 at 17:32, Buchan Milne (bgmilne@cae.co.za) wrote:
>
>> But, I don't see the problem:
>>
>>
>> [bgmilne@bgmilne bgmilne]$ grep ^passwd /etc/nsswitch.conf
>> passwd:     files ldap
>> [bgmilne@bgmilne bgmilne]$ wc -l /etc/passwd
>>      38 /etc/passwd
>
> Same for me here, so far.
>
>> [bgmilne@bgmilne bgmilne]$ getent passwd|wc -l
>>     187
>
> Here I get the same symptom as before.
> # getent passwd|wc -l
> getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol:
> dbopen
>       0
>
> # getent passwd root
> root:x:0:0:root:/root:/bin/bash
> # getent passwd etutest1
> getent: relocation error: /lib/libnss_ldap.so.2: undefined symbol:
> dbopen
>
> May be you have a ldap.conf file that does not trigger the call
> to dbopen?
> - could you send me the relevant part of your ldap.conf?
> Here is mine:
>
> # egrep -v '^#|^$' /etc/ldap.conf
> host myhost.unige.ch
> base ou=people,dc=unige,dc=ch
> ldap_version 3
> scope sub
> pam_filter objectclass=posixAccount
> pam_login_attribute unigeChStudentUid
> pam_member_attribute gid
> pam_password clear
> nss_base_passwd ou=People,dc=unige,dc=ch?sub
> nss_base_shadow ou=People,dc=unige,dc=ch?sub
> ssl on
> sslpath /etc/ssl/certs/cert7.db

Maybe it is this ^^^ ?

(I don't see the point in wanting to verify the SSL cert against the
commercial CAs when I use my own CA cery anyway, which is available and
configured)

> nss_map_attribute uid unigeChStudentUid
> pam_template_login_attribute unigeChStudentUid
>
> That configuration did work with Mandrake 9.0.

Here is mine, we have production machines running with configs like this,
Mandrake 9.0 through 9.2:

[bgmilne@bgmilne bgmilne]$ egrep -v '^#|^$' /etc/ldap.conf
host bgmilne.cae.co.za
base dc=cae,dc=co,dc=za
ldap_version 3
scope one
pam_filter objectclass=posixaccount
pam_login_attribute uid
pam_password md5
nss_base_passwd  ou=People,dc=cae,dc=co,dc=za
nss_base_shadow  ou=People,dc=cae,dc=co,dc=za
nss_base_group   ou=Group,dc=cae,dc=co,dc=za
ssl start_tls
tls_cacertfile /etc/ssl/ca.crt
tls_checkpeer yes
TLS_CACERT /etc/ssl/ca.crt


>
> Or maybe dbopen is provided by another library loaded at runtime
> not in the dependancies shown by ldd.
> It would be strange though: You would expect all
> symbols of a dynamic libraries to be resolved within
> the dependancies.
>
> [ Florin: is it OK that dbopen is not defined in the dynamic libraries?
> ]
>
> - Any suggestion on where to look now to figure this out?

Maybe try without the certdb, since this seems to be about the only thing
that has anything to do with libdb (besides libsasl)?

Regards,
Buchan




[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic