Comment 0 for bug 585966

Yannis Aribaud (bugs-d6bell) wrote :

This is a known bug from Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577593
It seems that this bug has been fixed in the next release of libpam-ldapd.

This bug appears on Ubuntu Lucid 10.04 with libpam-ldapd 0.7.2.

If two LDAP URIs are provided in /etc/nslcd.conf and the first one is unavailable, then NSS lookups just fail over to the second URI, but for any authentication nslcd tries to bind to the first URI, fails, and just stops there instead of trying the second URI.

So even with two well configured LDAP servers there is no authentication redundancy.

This is not really a security vulnerability, but it could be considered as one.
It seems to me really important to fix this bug, even more so for an LTS Ubuntu version used on quite a lot of servers.