此内容没有您所选择的语言版本。

4.200. nss-pam-ldapd


An updated nss-pam-ldapd package that fixes multiple bugs and adds one enhancement is now available for Red Hat Enterprise Linux 6.
[Updated 24 January 2012] This advisory has been updated with the correct package description in the Details section. The package included in this revised update has not been changed in any way from the package included in the original advisory.
The nss-pam-ldapd package provides the nss-pam-ldapd daemon (nslcd) which uses a directory server to look up name service information on behalf of a lightweight nsswitch module.

Bug Fixes

BZ#706454
When the nss-pam-ldapd package was installed, settings for the nslcd daemon were migrated from the configuration files used by the pam_ldap module or a previously-installed copy of the nss_ldap package. If the nslcd configuration file was modified, settings would be migrated again, often with an error. With this update, the migration is performed only if the package has not been previously installed.
BZ#706860
Prior to this update, when the nslcd daemon retrieved information about a user or group, the name of the user or group would be checked against the value of the "validnames" configuration setting. The default value of the setting expected the names to be at least three characters long, therefore names which were only two characters long were flagged as invalid. This could have negative impact on some installations. With this update, the default value of the "validnames" setting is modified to a minimum of two characters so that short names are accepted.
BZ#716822, BZ#720230
Due to the buffer used for the group field of a user password entry being not big enough, the primary group ID of a user could not be parsed if it contained more than nine digits. As a consequence, the nslcd daemon could drop some of the digits. With this update, nslcd is modified to parse large user IDs properly.
BZ#741362
An incorrect use of the strtol() call could cause large user ID values to overflow on 32-bit architectures. New functions have been implemented with this update, so that large user IDs are parsed correctly.

Enhancement

BZ#730309
Previously, if "DNS" was specified as the value of the LDAP "uri" setting in the /etc/nslcd.conf file, the nslcd service would attempt to look up DNS SRV records for the LDAP server (in order to determine which directory server to contact) only in the local host's current DNS domain. As a consequence, nslcd could not search for an LDAP server in a different domain. With this update, the DNS domain which is used in the lookup can now be specified by providing a value in the form "DNS:domainname".
All users of nss-pam-ldapd are advised to upgrade to this updated package, which fixes these bugs and adds this enhancement.
An updated nss-pam-ldapd package that fixes one bug is now available for Red Hat Enterprise Linux 6.
The nss-pam-ldapd provides the nss-pam-ldapd daemon (nslcd) which uses a directory server to look up name service information on behalf of a lightweight nsswitch module.

Bug Fix

BZ#771322
Previously, the nslcd daemon performed the idle time expiration check for the LDAP connection before starting an LDAP search operation. On a lossy network or if the LDAP server was under a heavy load, a connection could time out after a successful check and the search operation then failed. With this update, the idle time expiration test is now performed during the LDAP search operation so that the connection now no longer expires under these circumstances.
All users of nss-pam-ldapd are advised to upgrade to this updated package, which fixes this bug.
Red Hat logoGithubRedditYoutubeTwitter

学习

尝试、购买和销售

社区

关于红帽文档

通过我们的产品和服务,以及可以信赖的内容,帮助红帽用户创新并实现他们的目标。

让开源更具包容性

红帽致力于替换我们的代码、文档和 Web 属性中存在问题的语言。欲了解更多详情,请参阅红帽博客.

關於紅帽

我们提供强化的解决方案,使企业能够更轻松地跨平台和环境(从核心数据中心到网络边缘)工作。

© 2024 Red Hat, Inc.