Bug 11196

Summary: Openldap/nslcd client not working with cached credentials (e.g. no ldap server online)
Product: Mageia Reporter: Riccardo Poleggi <poleggi.riccardo>
Component: RPM PackagesAssignee: Guillaume Rousse <guillomovitch>
Status: RESOLVED OLD QA Contact:
Severity: normal    
Priority: Normal CC: bgmilne, luigiwalser
Version: 3Keywords: Triaged
Target Milestone: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Source RPM: nss-pam-ldapd CVE:
Status comment:

Description Riccardo Poleggi 2013-09-08 17:49:19 CEST 
I set up ldap authentication through MCC, fixed nslcd.conf, restarted the pc: everything was fine.
When I tried to authenticate with no ethernet connection, kdm seg faulted and so did "getent passwd".
Maybe something related to bug 10005.
Everything was fine in Mageia2.
Still same "bug" in Cauldron.


Version-Release number of selected component (if applicable):
(I don't know exactly - I post what I imagine can be related...)
nss-pam-ldapd-0.8.12-3.mga3
openldap-2.4.33-7.mga3
lib64kldap4-4.10.5-1.1.mga3
kio4-ldap-4.10.5-1.1.mga3
openldap-clients-2.4.33-7.mga3
lib64ldap2.4_2-2.4.33-7.mga3
python-ldap-2.4.10-2.mga3
nscd-2.17-5.mga3


Steps to Reproduce:
1. Choose ldap auth in MCC
2. Fix /etc/nslcd.conf to make it point to the server
3. Restart the PC
4. Detach the ethernet cable and try to authenticate as ldap user


Reproducible: 

Steps to Reproduce:
Manuel Hiebel 2013-09-09 19:53:23 CEST

Keywords: (none) => Triaged
Assignee: bugsquad => bgmilne
Source RPM: (none) => openldap

Comment 1 David Walser 2013-09-11 00:09:34 CEST 
Assigning to the nss-pam-ldapd maintainer.

Riccardo, are the nslcd and nscd services running on this machine?

CC: (none) => bgmilne
Assignee: bgmilne => guillomovitch

David Walser 2013-09-11 00:09:52 CEST

Source RPM: openldap => nss-pam-ldapd

Comment 2 Riccardo Poleggi 2013-09-11 19:40:05 CEST 
(In reply to David Walser from comment #1)
> Assigning to the nss-pam-ldapd maintainer.
> 
> Riccardo, are the nslcd and nscd services running on this machine?

Hi David,
actually at first nslcd.service was running and nscd.service wasn't.
Then I started the nscd.service and enabled it with "systemctl enable nscd.service".
I restarted the machine and checked again: both running. Ok.
Then I made some tests. I prefer to post the output. It's a virtualbox machine with a bridged eth0.

###########################
[root@mga3-2_vbox ~]# systemctl status nscd.service
nscd.service - Name Service Cache Daemon
          Loaded: loaded (/usr/lib/systemd/system/nscd.service; enabled)
          Active: active (running) since Wed, 2013-09-11 18:16:58 CEST; 1min 40s ago
         Process: 599 ExecStart=/usr/sbin/nscd $NSCD_OPTIONS (code=exited, status=0/SUCCESS)
        Main PID: 621 (nscd)
          CGroup: name=systemd:/system/nscd.service
                  â 621 /usr/sbin/nscd

Sep 11 18:16:57 mga3-2_vbox.ricklinux.it systemd[1]: Starting Name Service Cache Daemon...
Sep 11 18:16:58 mga3-2_vbox.ricklinux.it systemd[1]: Started Name Service Cache Daemon.

[root@mga3-2_vbox ~]# systemctl status nslcd.service
nslcd.service - Naming services LDAP client daemon
          Loaded: loaded (/usr/lib/systemd/system/nslcd.service; enabled)
          Active: active (running) since Wed, 2013-09-11 18:17:07 CEST; 1min 42s ago
         Process: 1258 ExecStart=/usr/sbin/nslcd (code=exited, status=0/SUCCESS)
        Main PID: 1265 (nslcd)
          CGroup: name=systemd:/system/nslcd.service
                  â 1265 /usr/sbin/nslcd

Sep 11 18:17:07 mga3-2_vbox.ricklinux.it systemd[1]: Starting Naming services LDAP client daemon...
Sep 11 18:17:07 mga3-2_vbox.ricklinux.it nslcd[1265]: version 0.8.12 starting
Sep 11 18:17:07 mga3-2_vbox.ricklinux.it systemd[1]: Started Naming services LDAP client daemon.
Sep 11 18:17:12 mga3-2_vbox.ricklinux.it nslcd[1265]: accepting connections
Sep 11 18:17:12 mga3-2_vbox.ricklinux.it nslcd[1265]: [7b23c6] <group="0"> request denied by validnames option
Sep 11 18:17:18 mga3-2_vbox.ricklinux.it nslcd[1265]: [3c9869] <passwd="0"> request denied by validnames option
Sep 11 18:17:22 mga3-2_vbox.ricklinux.it nslcd[1265]: [b0dc51] <passwd(all)> (re)loading /etc/nsswitch.conf

[root@mga3-2_vbox ~]# ifdown eth0
[root@mga3-2_vbox ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:8B:22:78  
          inet6 addr: fe80::a00:27ff:fe8b:2278/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:89 errors:0 dropped:0 overruns:0 frame:0
          TX packets:104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:16997 (16.5 KiB)  TX bytes:12612 (12.3 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:340 (340.0 b)  TX bytes:340 (340.0 b)

[root@mga3-2_vbox ~]# su rosamaria   ### btw, my wife...
su: user rosamaria does not exist

[root@mga3-2_vbox ~]# ifup eth0
[root@mga3-2_vbox ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:8B:22:78  
          inet addr:192.168.1.114  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe8b:2278/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:114 errors:0 dropped:0 overruns:0 frame:0
          TX packets:123 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:23227 (22.6 KiB)  TX bytes:16470 (16.0 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:340 (340.0 b)  TX bytes:340 (340.0 b)

[root@mga3-2_vbox ~]# su rosamaria
Creazione della directory "/home/rosamaria".

[rosamaria@mga3-2_vbox root]$ exit
exit

[root@mga3-2_vbox ~]# ifdown eth0
[root@mga3-2_vbox ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:8B:22:78  
          inet6 addr: fe80::a00:27ff:fe8b:2278/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:142 errors:0 dropped:0 overruns:0 frame:0
          TX packets:157 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:27962 (27.3 KiB)  TX bytes:20628 (20.1 KiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:340 (340.0 b)  TX bytes:340 (340.0 b)

[root@mga3-2_vbox ~]# su rosamaria     ##(VERY long wait.....)
[rosamaria@mga3-2_vbox root]$ whoami
rosamaria
[rosamaria@mga3-2_vbox root]$ exit
exit
[root@mga3-2_vbox ~]# ifup eth0
[root@mga3-2_vbox ~]# init 6
##############################################

I detached the eth-link at grub screen and kdm segfaulted.
I logged as root in a console and checked the nscd.service and nslcd.service output:
nslcd.service - Naming services LDAP client daemon
	  Loaded: loaded (/usr/lib/systemd/system/nslcd.service; enabled)
	  Active: active (running) since Wed, 2013-09-11 18:39:26 CEST; 2min 39s ago
	 Process: 1046 ExecStart=/usr/sbin/nslcd (code=exited, status=0/SUCCESS)
	Main PID: 1055 (nslcd)
	  CGroup: name=systemd:/system/nslcd.service
		  â 1055 /usr/sbin/nslcd

Sep 11 18:39:41 mga3-2_vbox.ricklinux.it nslcd[1055]: [495cff] <passwd=-1> no available LDAP server found, sleeping 1 seconds
Sep 11 18:39:41 mga3-2_vbox.ricklinux.it nslcd[1055]: [8b4567] <group/member="nslcd"> failed to bind to LDAP server ldap://192.168.1.254/: Can't contact LDAP server: Transport endpoint is not connected
Sep 11 18:39:41 mga3-2_vbox.ricklinux.it nslcd[1055]: [8b4567] <group/member="nslcd"> no available LDAP server found, sleeping 1 seconds
Sep 11 18:39:41 mga3-2_vbox.ricklinux.it nslcd[1055]: [334873] <passwd=-1> failed to bind to LDAP server ldap://192.168.1.254/: Can't contact LDAP server: Transport endpoint is not connected
Sep 11 18:39:41 mga3-2_vbox.ricklinux.it nslcd[1055]: [334873] <passwd=-1> no available LDAP server found, sleeping 1 seconds
Sep 11 18:39:42 mga3-2_vbox.ricklinux.it nslcd[1055]: [b0dc51] <passwd(all)> failed to bind to LDAP server ldap://192.168.1.254/: Can't contact LDAP server: Transport endpoint is not connected
Sep 11 18:39:42 mga3-2_vbox.ricklinux.it nslcd[1055]: [b0dc51] <passwd(all)> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected
Sep 11 18:39:42 mga3-2_vbox.ricklinux.it nslcd[1055]: [495cff] <passwd=-1> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected
Sep 11 18:39:42 mga3-2_vbox.ricklinux.it nslcd[1055]: [8b4567] <group/member="nslcd"> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected
Sep 11 18:39:42 mga3-2_vbox.ricklinux.it nslcd[1055]: [334873] <passwd=-1> no available LDAP server found: Can't contact LDAP server: Transport endpoint is not connected
nscd.service - Name Service Cache Daemon
	  Loaded: loaded (/usr/lib/systemd/system/nscd.service; enabled)
	  Active: active (running) since Wed, 2013-09-11 18:39:17 CEST; 2min 54s ago
	 Process: 583 ExecStart=/usr/sbin/nscd $NSCD_OPTIONS (code=exited, status=0/SUCCESS)
	Main PID: 609 (nscd)
	  CGroup: name=systemd:/system/nscd.service
		  â 609 /usr/sbin/nscd

Sep 11 18:39:17 mga3-2_vbox.ricklinux.it systemd[1]: Started Name Service Cache Daemon.
######################################

So, if I understand correctly:
1. If you are connected: no problem at all (but you still have to manually configure /etc/nslcd.conf)
2. If you disconnect:
   a) if the user has already logged once -> VERY long wait then you log in;
   b) if it's the first log-in -> user does not exist
3. If you start with no connection/no server online -> kdm/'getent passwd' segfaults

By the way, my openldap server is an old Acer Aspire 5230 with Mandriva MES5 installed.
I hope this can help.
Please, tell me if you need something else.
Thanks a lot!
rick
David Walser 2013-10-04 00:54:44 CEST

CC: (none) => luigiwalser

Comment 3 Marja Van Waes 2015-03-31 16:03:41 CEST 
Mageia 3 changed to end-of-life (EOL) status 4 months ago.
http://blog.mageia.org/en/2014/11/26/lets-say-goodbye-to-mageia-3/ 

Mageia 3 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of Mageia
please feel free to click on "Version" change it against that version of Mageia
and reopen this bug.

Thank you for reporting this bug and we are sorry it could not be fixed.

--
The Mageia Bugsquad

Status: NEW => RESOLVED
Resolution: (none) => OLD