Re: nslcd and ubuntu 10.04

OK folks.  I need some more hand-holding :s

I've decided to go the "deb from source" route.  I've installed build-essential and the needed *-dev packages.  Configuring goes well enough (using the --with-ldap-lib=openldap option).

But during the make process I'm getting the following when using both the latest stable and old stable source:

cfg.c:530: error: ‘OM_uint32’ undeclared (first use in this function)
cfg.c:530: error: (Each undeclared identifier is reported only once
cfg.c:530: error: for each function it appears in.)
cfg.c:530: error: expected ‘;’ before ‘minor_status’
cfg.c:561: error: ‘minor_status’ undeclared (first use in this function)
cfg.c:561: error: ‘GSS_S_COMPLETE’ undeclared (first use in this function)
make[2]: *** [cfg.o] Error 1
make[2]: Leaving directory `/home/info/nss-pam-ldapd-0.7.17/nslcd'
make[1]: *** [all-recursive] Error 1
make[1]: Leaving directory `/home/info/nss-pam-ldapd-0.7.17'
make: *** [all] Error 2

Anyone know what I'm missing here?


On 09/27/2012 10:41 AM, Christopher Wood wrote:
I used reprepro to create a private apt repository for things like this. Apt-get will automatically install the latest version after your next apt-get upgrade. This sort of thing:

reprepro includedeb distname /path/to/deb 

This all gets managed using puppet, so it wasn't any trouble for me to add another apt source to everything.

On Thu, Sep 27, 2012 at 10:36:27AM -0400, Adam Wolfe wrote:
Hah.  Thanks again, Christopher.  I appreciate the help.  Seems like
a 0.7.13 with an adjusted idle_timelimit is the way to go so far.
You happen to know if there's an easy way to package this for 10.04?
I'm thinking about simply copying the .debs to my local apt-mirror,
maybe even replacing the current ones for 0.7.2, might be easiest.


On 09/27/2012 10:21 AM, Christopher Wood wrote:
Oh, you're a familiar face. ;)

I use:

idle_timelimit 30

If your sockets cross a firewall then you may also be seeing the firewall timing out on inactive sockets.

I found that in my environment, occasionally an ldap lookup would simply fail for no apparent reason. Every manual test succeeded, but intermittently automated tests would fail. I personally wrote it off to a gremlin that we have neither time nor personnel to chase, and banned nscd in case of cached negative result.

In my case with 0.7.13 I left it sitting on some lab hosts with the above idle_timelimit for a week and wasn't able to reproduce my prior issue.

On Thu, Sep 27, 2012 at 09:39:02AM -0400, Adam Wolfe wrote:
Greetings,

I was curious if anyone had written a guide or had (successful)
experience getting ldap over ssl/tls working on ubuntu 10.04 using
nslcd/libnss-ldapd.

I'm having trouble where nslcd starts failing to connect to the ldap
server after a few hours.  Restarting nslcd or simply "id"ing an
ldap user fixes the issue temporarily.
I've read that version 0.7.2 is known to be buggy, despite being the
version in the ubuntu repos.  I've installed 0.7.13 from the ubuntu
10.10 repos, but I'm still seeing failed connections in syslog.
Recently I've adjusted the idle_timelimit to 1sec in nslcd.conf.
Seems steady so far, but it's only been a few minutes (failed
connections typically start within 2min).

I have about 100 servers to migrate from 8.04 to 10.04 early next
year.  So I'm looking for some advice/direction if anyone else has
been in a similar situation and found a permanent fix.
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
