libnss-ldapd nslcd crashes regularly

About the crashes:

I see the following in the dmesg:
[30378.320041] nslcd[4943]: segfault at 2c0008c0 rip 40b94b rsp 43231610 error 4
[118920.022667] nslcd[6481]: segfault at ffffffffd8000cb0 rip 4042c6 rsp 41c285f0 error 4

There's no description of the crash in /var/log/daemon - only startup messages:
May 7 12:09:27 eagle nslcd[11230]: version 0.5 starting
May 7 12:09:27 eagle nslcd[11230]: accepting connections
May 7 12:17:01 eagle nslcd[11230]: connected to LDAP server ldap://directory.ewan.evalesco.com
May 7 12:20:11 eagle nslcd[11230]: connected to LDAP server ldap://directory.ewan.evalesco.com
May 7 12:20:11 eagle last message repeated 3 times

The version of nss-ldapd that Ubuntu is shipping is old. In recent releases a number of bugs haven been fixed that affect stability of nslcd. Please try 0.6.2 (the most recent release). That version is available in Debian, porting it to Ubuntu shouldn't be too difficult.

Mixing and matching packages from various sources is no way to administer any number of servers.

I could try out 0.6.2, but if it works, it won't help me because
1) Ubuntu won't jump from 0.5.0 to 0.6.2 and can't support the version
2) I won't automatically get security patches to my 0.6.2

So, in order to get a proper solution, what would people suggest?

Since the current state of affairs is that *neither* libnss-ldap *nor* libnss-ldapd is stable in 8.04 LTS, it means there is no reliable way to configure a current Ubuntu system against any of the common directories out there (Open Directory, One, AD, plain simple OpenLDAP, ...). I would assume that fixing at least one of the libnss-ldap* packages would be a priority, and I'd like to help, but I won't waste my time upgrading to packages from random distributions when I know for sure that it won't bring me a long term solution.

Hi,

this bug also drives me into serious problems, crashing tcsh and others.

Since LDAP is a standard service today and 8.04 is claimed to have Long Term Support,
this bug really and urgently needs to be addressed. Most modern production networks
do use LDAP.

regards

I can confirm this as well.

libnss-ldap works fine, except for the autocomplete crashes.

libnss-ldapd works okay, up until it's regular crash.

Also, here are the comments I can find in kern.log. Note the times though, I don't think that the inode permission is relevant to the crash.

./kern.log:May 23 02:31:41 hearts kernel: [2799048.568277] audit(1211524301.719:6): type=1503 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/var/run/nslcd/socket" pid=24705 profile="/usr/sbin/slapd" namespace="default"
./kern.log:May 23 17:43:59 hearts kernel: [ 99.059504] nslcd[5946]: segfault at 68000b80 rip 409030 rsp 425d5f40 error 4
./kern.log:May 23 17:44:45 hearts kernel: [ 144.787226] audit(1211579085.397:3): type=1503 operation="inode_permission" requested_mask="w::" denied_mask="w::" name="/var/run/nslcd/socket" pid=6571 profile="/usr/sbin/slapd" namespace="default"
./kern.log:May 24 13:38:12 hearts kernel: [71382.262423] nslcd[5939]: segfault at 4000950 rip 40b8ee rsp 43738b20 error 4

I must comfirm, that this package still buggy.

And I have workarround. Ubuntu 8.04 (Hrardy Heron) have sufficient dependencies to install libnss-ldapd (0.6.3) binary package from debinan
Install lib from this link http://packages.debian.org/sid/libnss-ldapd

jdobry wrote:
> I must comfirm, that this package still buggy.
>

Kind of makes you wonder... Do they have more than one computer at
Canonical? ;)

It's a little bit disturbing that 8.04 has never had the ability to
participate in a network with an LDAP directory, and no one (with the
ability to fix it) really seems to care.

 > And I have workarround. Ubuntu 8.04 (Hrardy Heron) have sufficient
dependencies to install libnss-ldapd (0.6.3) binary package from debinan
 > Install lib from this link http://packages.debian.org/sid/libnss-ldapd
 >

Nice; to fix Hardy, install Debian... I'll wait with that until they
make it the official recommended solution ;)

Thanks for providing feedback - I hope it helps draw a little bit of
attention to this problem.

--
Best regards,
    Jakob Østergaard Hegelund
    Evalesco A/S