이 콘텐츠는 선택한 언어로 제공되지 않습니다.
1.157. nss_ldap
1.157.1. RHBA-2009:1379: bug fix update
An updated nss_ldap package is now available for Red Hat Enterprise Linux 5.
The nss_ldap module is a plugin for the standard C library which allows applications to look up information about users and groups using a directory server.
This updated nss_ldap package provide fixes for the following bugs:
- nss_ldap contained a socket descriptor leak that occurred when it was forced to reconnect to the LDAP server. This socket descriptor leak would eventually cause the nscd daemon to consume 100% CPU and fail to reconnect to the LDAP server. This has been fixed so that sockets do not leak and a failure to reconnect does not occur. (BZ#428837)
- this update modifies the nss_ldap module's behavior so that when it encounters an entry which contains an attribute value which is expected to be numeric, but the value contained in the entry can not be correctly parsed as a number, then the module ignores the entry. (BZ#457258)
- a previous change in nss_ldap's default behavior meant that the "getent passwd" command retrieved a fewer number of lines than before. This default behavior can be changed with the "nss_paged_results" option, which, in these updated packages, is now set by default to "no", so that "getent passwd" is able to retrieve up to 40447 lines instead of 1041. (BZ#486321)
- running the command "id [ldap_username]" when the "nss_connect_policy" directive in the /etc/ldap.conf configuration file was set to "oneshot" caused the "id" command to fail and the nscd daemon to crash due to an assertion failure. With these updated packages, calling "id [user_name]" when "nss_connect_policy" is set to "oneshot" works as expected and no longer triggers the failed assertion. (BZ#488857)
All users of nss_ldap are advised to upgrade to this updated package, which resolves these issues.
