nslcd doesn't failover to backup server on authentication (bind)
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
nss-pam-ldapd (Debian) | Fix Released | Unknown | | |
nss-pam-ldapd (Ubuntu) | Confirmed | Undecided | Unassigned | |
Bug Description
This is a known bug from Debian: http://
It seems that this bug has been fixed in the next release of libpam-ldapd.
This bug appears on Ubuntu Lucid 10.04 with libpam-ldapd 0.7.2.
If two LDAP URIs are provided in /etc/nslcd.conf and the first one is unavailable, then NSS lookups just fail over to the second URI, but for any authentication nslcd tries to bind to the first URI, fails, and just stops there instead of trying the second URI.
So even with two well configured LDAP servers there is no authentication redundancy.
This is not really a security vulnerability, but it could be considered as one.
It seems to me really important to fix this bug, even more so for an LTS Ubuntu version used by quite a lot of servers.
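A simplified model of the behaviour described in this report, added here as an illustration; it is not nslcd's source code and not part of the original report. The URIs, DN, password and `fake_bind` helper are constructed for the example, and stopping on rejected credentials instead of trying the next server is a design assumption of this sketch.

```python
"""Simplified model (not nslcd source) of LDAP bind failover across URIs."""

class ServerDown(Exception):
    """Transport-level failure: the server could not be reached."""

class InvalidCredentials(Exception):
    """The server answered and rejected the DN/password."""

def fake_bind(uri, dn, password, servers):
    """Constructed stand-in for an LDAP simple bind against `uri`."""
    state = servers[uri]
    if state is None:                      # None marks an unreachable server
        raise ServerDown(uri)
    if state.get(dn) != password:
        raise InvalidCredentials(dn)
    return uri

def authenticate_first_only(uris, dn, password, servers):
    """Behaviour described in the report: only the first URI is tried."""
    try:
        return fake_bind(uris[0], dn, password, servers)
    except (ServerDown, InvalidCredentials):
        return None

def authenticate_with_failover(uris, dn, password, servers):
    """Try each URI in order; move on only when a server is unreachable."""
    for uri in uris:
        try:
            return fake_bind(uri, dn, password, servers)
        except ServerDown:
            continue        # availability problem: the next URI may answer
        except InvalidCredentials:
            return None     # authoritative rejection: do not retry elsewhere
    return None             # every configured server was unreachable

# Constructed sample data: two URIs as in /etc/nslcd.conf, first one down.
URIS = ["ldap://ldap1.example.test", "ldap://ldap2.example.test"]
DN = "uid=alice,ou=people,dc=example,dc=test"
SERVERS = {URIS[0]: None, URIS[1]: {DN: "correct-password"}}

if __name__ == "__main__":
    print(authenticate_first_only(URIS, DN, "correct-password", SERVERS))
    print(authenticate_with_failover(URIS, DN, "correct-password", SERVERS))
    print(authenticate_with_failover(URIS, DN, "wrong", SERVERS))
```

Separating "unreachable" from "rejected" keeps failover an availability feature only: a wrong password is never replayed against the remaining servers.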
Changed in nss-pam-ldapd (Debian):
status: Unknown → Fix Released
description: updated
Changed in nss-pam-ldapd (Ubuntu):
assignee: nobody → Arthur de Jong (adejong)
Changed in nss-pam-ldapd (Ubuntu):
assignee: Arthur de Jong (adejong) → nobody
Changed in nss-pam-ldapd (Ubuntu):
status: New → Confirmed
Will there be the new upstream package available for Lucid? Currently it's still 0.7.2!