Re: error writing to nslcd


On Mon, 2012-01-09 at 01:50 +1100, Maxim Vetrov wrote:
> I'm trying to set up an LDAP user database as opposed to the traditional flat
> file one. I've successfully installed and configured a test environment
> on a virtual machine (VirtualBox) with FreeBSD amd64 9.0-rc3. When I
> repeated the same on a real machine (the same OS) I got the following
> error:
> 
> Jan  8 14:09:02 devel login: error writing to nslcd: Invalid argument

[...]

> ##################################################
> nslcd.conf:
> ##################################################
> 
> # The user and group nslcd should run as.
> uid nslcd
> gid nslcd
> 
> # The underprivileged user and group used for running the daemon.
> uid nslcd
> gid nslcd

These options are listed twice but that shouldn't cause any problems.

> binddn uid=Administrator,ou=Users,dc=muxas,dc=net
> bindpw xxx

You probably shouldn't use an administrator account for normal queries.
For testing it should be fine but for production you just need an
account that is allowed to read the useful information.

> Output of "nslcd -d"
> ==================================================
> nslcd -d
> nslcd: DEBUG: add_uri(ldap://127.0.0.1/)
> nslcd: version 0.7.15 starting

For FreeBSD you should probably use the 0.8 series. In those releases
FreeBSD support was integrated. The FreeBSD ports section has a 0.7.13
version which should also work.

> nslcd: [0041a7] DEBUG: connection from pid=-1 uid=0 gid=0
> nslcd: [0041a7] DEBUG: nslcd_passwd_byname(muxas)
> nslcd: [0041a7] DEBUG: myldap_search(base="ou=Users,dc=muxas,dc=net", 
> filter="(&(objectClass=posixAccount)(uid=muxas))")

Some of the requests do reach nslcd but for some there is a problem
writing the results back to the NSS or PAM module but for some

> nslcd: [b7acd9] DEBUG: connection from pid=-1 uid=0 gid=0
> nslcd: [b7acd9] error reading from client: No error: 0

an error occurs while reading the request.

> nslcd: [0041a7] error writing to client: Broken pipe

The broken pipe is when the client has closed the connection. The read
error could be a result of a communication problem or a protocol
mismatch. The "No error" error seems to indicate a protocol error though,
but all versions of nss-pam-ldapd speak the same protocol.

If you still get this with the right version you could try recompiling
with -DDEBUG_PROT. This produces a lot of debugging information in both
nslcd and in applications that call nslcd (to stderr).

> I think the line with the string "error writing to client: Broken pipe" is
> somehow connected to the error but I do not know how. Any help would be
> appreciated. I used the same configs in the virtual and real
> installation (I just copied them).

Be sure that nslcd, the NSS module and the PAM module are from the same
version and source (FreeBSD has some compatibility code for Linux, if
you run Linux binaries here it could cause problems).

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
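
The two configuration remarks in the reply above (options listed twice, and an administrator account used as `binddn`) can be checked mechanically. The following is an added example, not part of the original message or of nss-pam-ldapd; the sample file is constructed from the configuration quoted in the thread, and the list of "administrative-looking" account names is an assumption.

```python
import re

# Options expected once per file; names taken from the configuration quoted in the thread.
SINGLE_VALUED = {"uid", "gid", "binddn", "bindpw"}
# Assumption: RDN values that suggest a directory administrator account.
ADMIN_HINT = re.compile(
    r"(^|,)\s*(uid|cn)=(administrator|admin|manager|root)\s*(,|$)", re.I)

# Constructed sample, modelled on the nslcd.conf quoted in the thread.
SAMPLE = """\
# The user and group nslcd should run as.
uid nslcd
gid nslcd

# The underprivileged user and group used for running the daemon.
uid nslcd
gid nslcd

uri ldap://127.0.0.1/
base dc=muxas,dc=net
binddn uid=Administrator,ou=Users,dc=muxas,dc=net
bindpw xxx
"""

def lint_nslcd_conf(text):
    """Return a list of (line_number, message) findings for an nslcd.conf body."""
    findings = []
    seen = {}  # option name -> (line number of first use, value)
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1] if len(parts) > 1 else ""
        if key in SINGLE_VALUED:
            if key in seen:
                first, old = seen[key]
                # Same value twice is harmless; different values are ambiguous.
                kind = "repeated" if old == value else "conflicting"
                findings.append((lineno, f"{kind} '{key}' (first set on line {first})"))
            else:
                seen[key] = (lineno, value)
        if key == "binddn" and ADMIN_HINT.search(value):
            findings.append((lineno, "binddn looks like an administrative account; "
                                     "use a read-only bind account"))
    return findings

if __name__ == "__main__":
    for lineno, msg in lint_nslcd_conf(SAMPLE):
        print(f"line {lineno}: {msg}")
```
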
