lists.arthurdejong.org

Re: myldap_search base character limit nslcd 0.8.13


On Wed, 2014-04-23 at 18:07 +0400, Евгений wrote:
> I am trying SSH user authentication with AD with nss-pam-ldapd. It
> seems I am faced with a restriction on the length of the base field.
> Is a workaround for this limitation possible? (except for
> changing the directory structure, of course)

The buffers are mostly hard-coded to a maximum length to keep memory
management simpler.

The DN buffer size is set to 256 bytes which should be enough in most
situations. While your DN is "only" 176 characters, it is 298 bytes
because of the non-ASCII characters used. Non-ASCII characters were not
considered when calculating the buffer sizes. Doubling the DN buffer
size should fix these issues.

For the 0.8 series extending the buffer size can be done by changing the
binddn buffer size in nslcd/myldap.c. A more complete patch is here:

http://arthurdejong.org/viewvc/nss-pam-ldapd?revision=2085&view=revision

The next 0.9 release will also include a larger buffer and better
logging of buffer-related problems.

Hope this helps,

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
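
The character-versus-byte gap described in the reply above, as an added example that is not part of the original message or of nss-pam-ldapd: a constructed DN with Cyrillic OU names is measured in characters and in bytes, then offered to a 256-byte buffer and to a doubled one. The sample DN and the helpers `utf8_chars`, `dn_copy` and `build_sample_dn` are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define DN_BUFSZ 256 /* DN buffer size given in the message above */

/* Count UTF-8 code points: every byte that is not a 10xxxxxx continuation. */
size_t utf8_chars(const char *s)
{
  size_t n = 0;
  for (; *s != '\0'; s++)
    n += ((unsigned char)*s & 0xC0) != 0x80;
  return n;
}

/* Hypothetical helper (not nslcd code): copy a DN into a fixed buffer and
   fail, rather than truncate, when its byte length plus NUL does not fit. */
int dn_copy(char *dst, size_t dstsz, const char *src)
{
  size_t len = strlen(src); /* bytes, not characters */
  if (len >= dstsz) return -1; /* dst is left untouched */
  memcpy(dst, src, len + 1);
  return 0;
}

/* Constructed sample DN: `levels` OUs named with five Cyrillic letters (2
   bytes each) above dc=example,dc=com. Returns byte length, 0 if no room. */
size_t build_sample_dn(char *out, size_t outsz, size_t levels)
{
  static const char ou[] = "ou=\xD0\x9E\xD1\x82\xD0\xB4\xD0\xB5\xD0\xBB,";
  static const char suffix[] = "dc=example,dc=com";
  size_t used = 0, i;
  for (i = 0; i < levels; i++, used += sizeof(ou) - 1)
  {
    if (outsz - used < sizeof(ou)) return 0;
    memcpy(out + used, ou, sizeof(ou) - 1);
  }
  if (outsz - used < sizeof(suffix)) return 0;
  memcpy(out + used, suffix, sizeof(suffix));
  return used + sizeof(suffix) - 1;
}

int main(void)
{
  char dn[1024], small[DN_BUFSZ], big[2 * DN_BUFSZ];
  size_t bytes = build_sample_dn(dn, sizeof(dn), 18);
  printf("%zu characters, %zu bytes\n", utf8_chars(dn), bytes);
  printf("256-byte copy: %d, 512-byte copy: %d\n",
         dn_copy(small, sizeof(small), dn), dn_copy(big, sizeof(big), dn));
  return 0;
}
```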