Product SiteDocumentation Site

1.157.  nss_ldap

1.157.1.  RHBA-2009:1379: bug fix update

An updated nss_ldap package is now available for Red Hat Enterprise Linux 5.
The nss_ldap module is a plugin for the standard C library which allows applications to look up information about users and groups using a directory server.
This updated nss_ldap package provide fixes for the following bugs:
  • nss_ldap contained a socket descriptor leak that occurred when it was forced to reconnect to the LDAP server. This socket descriptor leak would eventually cause the nscd daemon to consume 100% CPU and fail to reconnect to the LDAP server. This has been fixed so that sockets do not leak and a failure to reconnect does not occur. (BZ#428837)
  • this update modifies the nss_ldap module's behavior so that when it encounters an entry which contains an attribute value which is expected to be numeric, but the value contained in the entry can not be correctly parsed as a number, then the module ignores the entry. (BZ#457258)
  • a previous change in nss_ldap's default behavior meant that the "getent passwd" command retrieved a fewer number of lines than before. This default behavior can be changed with the "nss_paged_results" option, which, in these updated packages, is now set by default to "no", so that "getent passwd" is able to retrieve up to 40447 lines instead of 1041. (BZ#486321)
  • running the command "id [ldap_username]" when the "nss_connect_policy" directive in the /etc/ldap.conf configuration file was set to "oneshot" caused the "id" command to fail and the nscd daemon to crash due to an assertion failure. With these updated packages, calling "id [user_name]" when "nss_connect_policy" is set to "oneshot" works as expected and no longer triggers the failed assertion. (BZ#488857)
All users of nss_ldap are advised to upgrade to this updated package, which resolves these issues.

Note: This documentation is provided {and copyrighted} by Red Hat®, Inc. and is released via the Open Publication License. The copyright holder has added the further requirement that Distribution of substantively modified versions of this document is prohibited without the explicit permission of the copyright holder. The CentOS project redistributes these original works (in their unmodified form) as a reference for CentOS-5 because CentOS-5 is built from publicly available, open source SRPMS. The documentation is unmodified to be compliant with upstream distribution policy. Neither CentOS-5 nor the CentOS Project are in any way affiliated with or sponsored by Red Hat®, Inc.