Bug 132816

Summary: Fail to read name of new user from ldap
Product: Ports & Packages
Reporter: Sergey <starikov>
Component: Individual Port(s)
Assignee: freebsd-ports-bugs (Nobody) <ports-bugs>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: Latest   
Hardware: Any   
OS: Any   

Description Sergey 2009-03-19 14:40:03 UTC
This server uses authentication in OpenLDAP (currently running on FreeBSD 7.1-RELEASE #0, openldap-server-2.4.13 Open source LDAP server implementation).

Used software:
nss_ldap-1.257      RFC 2307 NSS module
openldap-client-2.3.43 Open source LDAP client implementation
pam_ldap-1.8.4      A pam module for authenticating with LDAP
php5-ldap-5.2.6_2   The ldap shared extension for php

My etc/pam.d/sshd is:
#
# PAM configuration for the "sshd" service
#

# auth
auth            sufficient      pam_opie.so             no_warn no_fake_prompts
auth            requisite       pam_opieaccess.so       no_warn allow_local
auth            sufficient      /usr/local/lib/pam_ldap.so no_warn try_first_pass
auth            required        pam_unix.so             no_warn try_first_pass

# account
account         required        pam_nologin.so
account         sufficient      /usr/local/lib/pam_ldap.so
account         required        /usr/local/lib/pam_ldap.so
account         required        pam_login_access.so
account         required        pam_unix.so

# session
session         optional        /usr/local/lib/pam_ldap.so
session         required        pam_permit.so

# password
password        sufficient      /usr/local/lib/pam_ldap.so use_authtok
password        required        pam_unix.so             no_warn try_first_pass



Everything works fine.

The problem appeared when I added a user.
It was successfully added.
And login (ssh user@this-host) is also successful.
But executing `whoami` shows the UID (i.e. 1029) instead of the username.
I think a reboot should fix this problem, but that isn't the right way.
It looks like a bug in pam_ldap or nss_ldap.
Or do I need to restart some service (which one)?
Comment 1 Pav Lucistnik freebsd_committer freebsd_triage 2009-03-22 18:41:34 UTC
State Changed
From-To: open->closed

Please ask configuration questions like these on mailing lists. PRs are for submitting patches. Thank you.