lists.arthurdejong.org

Re: [nssldap] Strange nss library behavior with OL 2.4.7




Tony Earnshaw wrote:
Hi list,

Maybe someone knows? Can't really ask or report an ITS on the OL list,
since there's nothing wrong on OL's part.

I just built and installed OL 2.4.7 rpms (Buchan's spec) on FC6. Was
previously running 2.4.6 (but also 2.3.39 is installed, can have both at
once).

I get this:

1063 [root:tru.leerlingen] /root # ldapsearch2.4 -x 'uid=sammy' \
  gidnumber
# extended LDIF
#
# LDAPv3
# base <dc=billy,dc=demon,dc=nl> (default) with scope subtree
# filter: uid=sammy
# requesting: gidnumber
#

# sammy, katter, groups, billy.demon.nl
dn: cn=sammy,cn=katter,ou=groups,dc=billy,dc=demon,dc=nl
gidNumber: 1004

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1
1004
Ok, nothing wrong there. (Sammy is only present in ldap, not in passwd).

But:

1064 [root:tru.leerlingen] /root # id sammy
uid=516 gid=1004 groups=4294967295,1004

1066 [root:tru.leerlingen] /root # getent group katter
katter:*:1004:billy,evy,frigg,kvikk,sammy,tonni

1068 [root:tru.leerlingen] /root # id hanne
uid=502 gid=1000 groups=4294967295,1000,5005

1069 [root:tru.leerlingen] /root # getent group people
people:*:1000:damen,goran,hanne,pete,torgeir,chalkie

All ldap users get given the non-existent gidnumber 4294967295. Stopped
ldap2.4, started ldap2.3 and everything is back to normal. But that's
not what I want, so I'm continuing with 2.4.

I can't remember seeing this happening with 2.4.6.

Can anyone guess at the significance of the value "4294967295"?

That's the 32 bit value "-1" represented as an unsigned integer.

Pretty suspicious. If you can get some debug logs from slapd and libldap and compare to your 2.3.39 session that might be useful.

--
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP     http://www.openldap.org/project/
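An added example, not part of the thread and not code from nss_ldap or OpenLDAP: a small C audit that resolves a user's supplementary groups through NSS and flags any entry equal to `(gid_t)-1`, the value seen in the `id` output above, plus any gid that has no group entry. The helper names and the 256-entry buffer are assumptions made for the example; it also assumes a platform such as Linux where `gid_t` is an unsigned 32-bit type.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE /* for getgrouplist() on glibc */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <sys/types.h>

/* -1 converted to gid_t; prints as 4294967295 when gid_t is unsigned 32-bit. */
#define GID_SENTINEL ((gid_t)-1)

/* Hypothetical helper: store the indexes of sentinel entries in bad[], return the count. */
int find_sentinel_gids(const gid_t *gids, int n, int *bad)
{
    int count = 0;
    for (int i = 0; i < n; i++)
        if (gids[i] == GID_SENTINEL)
            bad[count++] = i;
    return count;
}

/* Constructed sample: the group list that `id sammy` printed in the report. */
int sample_from_report(int *bad)
{
    const gid_t sample[] = { (gid_t)4294967295u, 1004 };
    return find_sentinel_gids(sample, 2, bad);
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s user\n", argv[0]); return 2; }
    struct passwd *pw = getpwnam(argv[1]);
    if (!pw) { fprintf(stderr, "unknown user %s\n", argv[1]); return 2; }

    gid_t gids[256];
    int bad[256], n = 256;
    if (getgrouplist(argv[1], pw->pw_gid, gids, &n) == -1) {
        fprintf(stderr, "user is in more than 256 groups\n");
        return 2;
    }
    int hits = find_sentinel_gids(gids, n, bad);
    for (int i = 0; i < hits; i++)
        printf("entry %d is (gid_t)-1 = %lu\n", bad[i], (unsigned long)GID_SENTINEL);
    for (int i = 0; i < n; i++)
        if (gids[i] != GID_SENTINEL && !getgrgid(gids[i]))
            printf("gid %lu has no group entry\n", (unsigned long)gids[i]);
    return hits ? 1 : 0;
}
```

The exit status is 1 when the sentinel is present, so the check can be run for each directory user before and after switching server or library versions.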