このコンテンツは選択した言語では利用できません。

4.122. nss_ldap


An updated nss_ldap package that fixes one bug is now available for Red Hat Enterprise Linux 5.
The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module is a plug-in which allows applications to retrieve information about users and groups from a directory server. The pam_ldap module allows a directory server to be used by PAM-aware applications to verify user passwords.

Bug Fix

BZ#743193
Previously, a fixed size buffer to store the LDAP configuration could exceed its size. As a consequence, nss_ldap failed when it was used with certain large configurations, especially on 64-bit architectures where pointers in internal data structures occupy twice as much space in the buffer as on 32-bit architectures. This caused situations where a certain LDAP configuration worked on 32-bit architecture but not on 64-bit architecture. With this update, the size of the buffer has been increased to 64 KB, and nss_ldap now works correctly with LDAP configurations that do not exceed the size of 64 KB.
All users of nss_ldap are advised to upgrade to this updated package, which fixes this bug.
An enhanced nss_ldap package that fixes various bugs and provides an enhancement is now available for Red Hat Enterprise Linux 5.
The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module is a name service switch module which allows applications to retrieve information about users and groups from a directory server. The pam_ldap module allows a directory server to be used by PAM-aware applications to verify user passwords.

Bug Fixes

BZ#593242
Previously, nss_ldap did not correctly handle the situation where "unreadable" files were present in the CA certificate directory. Consequently, nss_ldap failed when resolving usernames and groups while using TLS even if a valid readable certificate was available. This update corrects the problem and nss_ldap now ignores files that are not world readable and uses the readable certificate files as expected.
BZ#696707
In certain cases, nss_ldap failed to get a response from the Lightweight Directory Access Protocol (LDAP) server and the client became temporarily unable to query the server. This update applies a patch which improves the code and the server now responds as expected.
BZ#705841
The LDAP server stored its configuration in a fixed-size buffer that could have been exceeded with large configurations, thus causing nss_ldap to fail. This was especially likely to occur on 64-bit architectures where pointers to internal data structures occupy twice as much space in the buffer as on 32-bit architectures. This caused situations where a certain ldap configuration worked on 32-bit architecture but not on 64-bit architecture. With this update, the code has been modified to allow the use of larger ldap configurations without exceeding the buffer and nss_ldap now works correctly.

Enhancements

BZ#741419
Prior to this update, nss_ldap did not select the closest DNS records, but always selected the first record returned by DNS. This update changes the behavior to select the records based on the priority and weight fields.
All users of nss_ldap are advised to upgrade to this updated package, which fixes these bugs and provides this enhancement.
Red Hat logoGithubRedditYoutubeTwitter

詳細情報

試用、購入および販売

コミュニティー

Red Hat ドキュメントについて

Red Hat をお使いのお客様が、信頼できるコンテンツが含まれている製品やサービスを活用することで、イノベーションを行い、目標を達成できるようにします。

多様性を受け入れるオープンソースの強化

Red Hat では、コード、ドキュメント、Web プロパティーにおける配慮に欠ける用語の置き換えに取り組んでいます。このような変更は、段階的に実施される予定です。詳細情報: Red Hat ブログ.

会社概要

Red Hat は、企業がコアとなるデータセンターからネットワークエッジに至るまで、各種プラットフォームや環境全体で作業を簡素化できるように、強化されたソリューションを提供しています。

© 2024 Red Hat, Inc.