Issues with OpenLDAP 2.4.15 and FreeBSD 8.0-CURRENT as well as with
FreeBSD 7.2-PRE using DB 4.7
O. Hartmann
ohartman at zedat.fu-berlin.de
Tue Mar 31 03:20:28 PDT 2009

I reported this earlier here and now I'm about to file a PR. Before
that, I will ask whether there is a solution out here or someone can
give a hint in case I ran into a hidden misconfiguration.

First I see on all FreeBSD flavours (7.2 and 8.0) a coredump of LDAP
clients when doing ldapsearch, ldappasswd. The client performs well, but
at the end it terminates with some SIG 11.

Another very severe issue is with DB 4.7 and OpenLDAP 2.4.15 as taken
from ports. On FreeBSD 7.1/7.2 I was running an OpenLDAP 1.4.15 server,
used with DB 4.6. Several experimental boxes with FreeBSD 8.0-CURRENT
and FreeBSD 7.1/7.2 were referring to that LDAP server for user
authentication. After backing up the database, installing DB 4.7,
recompiling everything that depends on DB 4.X, recompiling at last
OpenLDAP and doing a DB recover ends up in a problem. The clients which
were willing to perform logins via ssh by authenticating users via this
LDAP server now refuse authentication! The same client authenticates
the users of the LDAP server via LDAP authentication when accessing
protected webpages served by lighttpd. I also can enumerate /home with
users taken from the LDAP server, except logging in via ssh. I did not
change sshd's config, so I suspect something else. Watching console log
and slapd log I see no issues aside the slapd log, but console and sshd
log tell something about an unknown user with uid XXXX. Googling for
this error I find a lot of sshd/nss/ldap related issues - but no
solution. Doinf a 'sudo' or 'su' on the same machine to users residing
on LDAP db is possible. But connection via ssh isn't possible.
Another very strange behaviour occurs on FreeBSD 8.0-CURRENT serving as
OpenLDAP 2.4.15 server with cysrus-sasl compiled in and DB 4.7.
Authentication to this server, even from the local host, takes
approximately 20 - 30 seconds, connecting LUMA for administering also
takes that long, even showing up the DIT in LUMA takes inconveniently
long times to perform. This happens when this server was updated from
FreeBSD 7.2-PRE to FreeBSD 8.0-CURRENT with all the stuff completely
fresh installed. Before the upgrade, the OpenLDAP server was running
2.4.15 with DB 4.7 as well as it does now under FreeBSD 8.0-CUR.

Well, even with fresh standard installations taken from the templates
when using nss_ldap/pam_ldap/OpenLDAP shows those strange issues on all
mentioned boxes and OS flavours.

Now I think I ran into a severe issue with either OpenLDAP 2.4.15 and/or
FreeBSD 8.0.

Regards,
Oliver