Bug#381153: [Pkg-openldap-devel] Bug#381153: slapd: Upgrade to 2.3.24-2 breaks system when using libnss-ldap
Steve Langasek
vorlon at debian.org
Wed Aug 2 17:46:58 UTC 2006
forcemerge 380658 381153
thanks
On Wed, Aug 02, 2006 at 04:15:39PM +0100, Paul LeoNerd Evans wrote:
> Package: slapd
> Version: 2.3.24-2
> Severity: critical
> Justification: breaks the whole system
> I have users stored in LDAP, using libnss-ldap and libpam-ldap. The
> upgrade process to install 2.3.24-2 tries to stop slapd, then run
> "useradd" to create the required user to run as, then start it again.
> Because my user list is in LDAP, this all breaks. slapd is now
> unstartable.
> Furthermore, no user can log in to any terminal, nor can any existing
> shells "su", or "sudo". PAM-ldap becomes unusable. Fortunately for me,
> root is still in /etc/{passwd,shadow}, so I was able to ssh as root to
> fix it. Were that not the case, the only way out of this is a hard
> reboot, passing
> init=/bin/sh
> to GRUB/LILO, and manually fixing things from there.
> I believe this total failure of ability to log in justifies the critical
> classification, but I accept that it only happens in the non-default
> case of passwd/group being LDAP-based.
Furthermore, this is a bug in libnss-ldap. System users should not be added
to LDAP; they should be added to the local unix database, and libnss-ldap
should not be hanging when the LDAP server is down.
--
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.
vorlon at debian.org http://www.debian.org/
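
A pre-upgrade check for the failure discussed in this thread, added here as an example (it is not from the bug report or from the Debian packages): it reads nsswitch.conf and the local passwd file directly, and warns when no local source is listed before ldap or when a needed account has no local entry. The function names, the sample files and the svc-example account are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that account lookups keep working while slapd is stopped.

# Print the source list for one nsswitch database, e.g. "files ldap".
nss_sources() {  # usage: nss_sources <database> <nsswitch.conf>
    awk -v db="$1:" '$1 == db { sub(/#.*/, ""); $1 = ""; sub(/^ +/, ""); print; exit }' "$2"
}

# Succeed only if a local source is consulted before ldap for the database.
files_first() {  # usage: files_first <database> <nsswitch.conf>
    nss_sources "$1" "$2" | awk '
        BEGIN { rc = 1 }
        { for (i = 1; i <= NF; i++) {
              if ($i == "files" || $i == "compat") { rc = 0; break }
              if ($i == "ldap") break
          }
          exit }
        END { exit rc }'
}

# Succeed if the account is in the local passwd file itself. getent is not
# used because it would also consult LDAP, the source being ruled out.
is_local_account() {  # usage: is_local_account <name> <passwd file>
    awk -F: -v u="$1" '$1 == u { found = 1; exit } END { exit !found }' "$2"
}

# Print one WARN line per problem; the return status is the problem count.
preflight() {  # usage: preflight <nsswitch.conf> <passwd file> <account>...
    conf=$1; pw=$2; problems=0
    shift 2
    for db in passwd group shadow; do
        files_first "$db" "$conf" ||
            { echo "WARN: $db: no local source listed before ldap"; problems=$((problems + 1)); }
    done
    for acct in "$@"; do
        is_local_account "$acct" "$pw" ||
            { echo "WARN: $acct has no entry in $pw"; problems=$((problems + 1)); }
    done
    return "$problems"
}

# Constructed sample files (not taken from the report); svc-example is a made-up name.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf 'passwd: ldap files\ngroup:  files ldap\nshadow: files ldap\n' > "$demo_dir/nsswitch.conf"
printf 'root:x:0:0:root:/root:/bin/bash\n' > "$demo_dir/passwd"
preflight "$demo_dir/nsswitch.conf" "$demo_dir/passwd" root svc-example ||
    echo "problems found: $?"
```

On a real host the call would be `preflight /etc/nsswitch.conf /etc/passwd root` followed by whichever accounts must stay usable while the directory server is down.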