core dump for shells using ldap for passwd information

Recent changes in edgy has fixed the problem. A combination of the following packages work:
libnss-ldap-251-5.2
libpam-ldap-180-1
libldap2-2.1.30-13build1
slapd-2.2.26-5ubuntu3
ldap-utils-2.2.26-5ubuntu3

No the problem still exists after all, I forgot that it doesn't exist when 'root' access the information. This still happens as a normal user.

user@host:/home: ls -la
ls: ldap-nss.c:1323: do_init: Assertion `cfg->ldc_uris[__session.ls_current_uri] != ((void *)0)' failed.
zsh: abort ls -la

I'm facing the same issue. After installing nscd the core dump vanished. I'm a bit confused about this, because I thought pam-ccreds only uses the nss-db for caching.

Same problem here. However, even after installing nscd the problem returned after a short while (about 30 seconds). Restarting nscd solve the problem (for another 30 seconds anyway!).

Tapio brought me on the idea to test with different permissions on libnss-ldap.conf
If I give read permission to libnss-ldap.conf for mortal users, the problem is no longer there.

Ofcourse I don't want to gieve away read permission, beause of senstive information.

Why is the nss-ldap command run with the user credentials and not root?

I'm curious as to why you have sensitive information in libnss-ldap.conf. The only thing that could possibly considered sensitive is the password to a ldap user. I have run Ubuntu systems without that since warty and I have not had a problem. We just bind anonymously. What would you be using that password for?

Also it makes sense that libnss-ldap.conf needs to be readable by everyone on the system because its a libc function and you need to give libc a way of getting its configuration information.

In a lot of LDAP setups, LDAP is directly accessible from the internet.
Obviously you don't want to publish user information anonymously
(telephonenumbers, e-mail addresses etc.). The most common way to solve
this issue is to add a special proxy user to the DIT so that only
sensitive information can be published when an authenticated bind is
done. Therefore you have the binddn option with a password.

When I installed Feisty in April, libnss-ldap.conf was not world
readable after installing via apt-get. It looks like this behaviour has
be changed (now 644).

Scott Henson wrote:
> I'm curious as to why you have sensitive information in libnss-
> ldap.conf. The only thing that could possibly considered sensitive is
> the password to a ldap user. I have run Ubuntu systems without that
> since warty and I have not had a problem. We just bind anonymously.
> What would you be using that password for?
>
> Also it makes sense that libnss-ldap.conf needs to be readable by
> everyone on the system because its a libc function and you need to give
> libc a way of getting its configuration information.
>
>

I get exactly the same problem, right after I login with a LDAP user on Edgy via SSH. Changing file permissions to 644 on /etc/libnss_ldap.conf solved the problem for me as well. Thanks for the hint! On my Feisty box it has also the 644 permissions.

I think this is clearly a bug and I don't understand, why the Importance is set to "undecided"...

This was fixed for the Feisty release, and the simple file-permissions workaround for Edgy is documented here - thanks!