Ubuntu
gdm package

GDM does not start correctly when using libnss-ldap / libpam-ldap on edgy

Bug #61430 reported by Matt Mossholder
4
Affects Status Importance Assigned to Milestone
gdm (Ubuntu)
Invalid
Undecided
Unassigned

Bug Description

Unfortunately, I can't do much more than report this, since I am pretty lost.

Here's the situation:

- Clean install of knot2
- All updates applied
- installed libnss-ldap and libpam-ldap
- configured /etc/nsswitch.conf, /etc/libnss-ldap.conf and /etc/pam_ldap.conf
- updated /etc/pam.d/common-session for ldap auth

At this point everything works. I can log in from the console, I can even log in with GDM.
But...

Upon restart, GDM starts to come up, there are two GDM processes running, but all that appears on the screen is a black background and the standard X11 "X" cursor, and never progresses beyond that point.

Jumping to the console, I can login and restart GDM, which works fine.

There is nothing in /var/log/gdm/:0.log that is different between a working and a non-working startup. Nothing in syslog.

The only thing that seems to make any impact is removing the "ldap" statements from passwd,group and shadow in /etc/nsswitch.conf. This causes startup to work correctly. I can even log in as an ldap user as long as the user has an entry in the local password file (no shadow entry or password entry in the passwd file).

All I can think of is that there is some race condition occurring. This configuration worked under Dapper.

# /etc/nsswitch.conf
#
# Example configuration of GNU Name Service Switch functionality.
# If you have the `glibc-doc' and `info' packages installed, try:
# `info libc "Name Service Switch"' for information about this file.

passwd: ldap compat
group: ldap compat
shadow: ldap compat

hosts: files dns
networks: files

protocols: db files
services: db files
ethers: db files
rpc: db files

netgroup: nis
automount: ldap

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

you have modified only common-session? That's weird, we don't have anything about ldap in common-session, but in common-auth and common-account.

Revision history for this message
Matt Mossholder (matt-mossholder) wrote :

Excuse my typo... I had meant to change that to common-*, and never did.

I have another datapoint for you as well. Reversing the order of the statements in /etc/nsswitch.conf enables GDM to work correctly... i.e. "compat ldap" rather than "ldap compat".

   Thanks for your time!

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

oh, indeed :) We use "files ldap", the documentation knows what the difference is with the ordering.

Revision history for this message
Timo Aaltonen (tjaalton) wrote :

Matt, maybe if you use:

passwd ldap [NOTFOUND=return] compat
.
.

(from man nsswitch.conf)
would also work. Anyway, closing since it was a bug in local configuration

Changed in gdm:
status: Unconfirmed → Rejected
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.