On Wed, 18 Jun 2008 20:13:25 +0200, Buchan Milne <bgmilne@(protected):

> On Thursday 12 June 2008 20:22:07 J.A. Magallón wrote:
> > Hi all...
> >
> > I mantain two systems runing cooker, one 32 and other 64 bits.
> > Both use the same LDAP server for authentication.
>
> And config is identical, nscd running or not on both ?
>
> > After the latest cooker update of ldap, the 64-bit box can not resolve
> > the group IDs to group names:
> >
> > annwn:/etc# id magallon
> > uid=3001(magallon) gid=3000(giga) groups=3000(giga),10(wheel)
> >
> > cicely:/etc# id magallon
> > uid=3001(magallon) gid=3000 groups=3000,10(wheel)
> >
> > When I log in the 64bit box (cicely):
> > belly:~> ssh cicely
> > id: cannot find name for group ID 3000
> > cicely:~>
> >
> > The setup (/etc/ldap.[conf,secret], nsswitch.conf and so on) is exactly the
> > same, and both run the latest cooker updates.
> >
> > I used strace on 'id' for root, and noted some strange things
> > (I have masked the real addresses...):
> >
> > annwn:
> > ...
> > getsockname(3, {sa_family=AF_INET, sin_port=htons(51248),
> > sin_addr=inet_addr("155.210.xxx.xxx")}, [16]) = 0 getpeername(3,
> > {sa_family=AF_INET, sin_port=htons(389),
> > sin_addr=inet_addr("155.210.xxx.xxx")}, [16]) = 0 time(NULL)
> >                              = 1213283622
> > time(NULL)                              = 1213283622
> > ...
> >
> >
> > cicely:
> > ...
> > getsockname(3, {sa_family=AF_INET, sin_port=htons(34165),
> > sin_addr=inet_addr("155.210.xxx.xxx")}, [16]) = 0 getpeername(3,
> > {sa_family=AF_INET, sin_port=htons(389),
> > sin_addr=inet_addr("155.210.xxx.xxx")}, [68719476752]) = 0
> > gettimeofday({1213283637, 826073}, NULL) = 0
> > gettimeofday({1213283637, 826220}, NULL) = 0
> > ...
> >
> > Rarities:
> >
> > - why the code calls gettimeofday() in x86-64 and time(0) in x86-32 ?
> > - why the parameters are strange in x86-64 ?
>
> I haven't had a chance to look yet ...
>
> >
> > That strange value for size is repeated in many calls to getsockname and
> > getpeername all along the trace.
> >
> > Is this a bug in glibc/nss_ldap ?
>
> None of my machines are up-to-date on cooker. I will try and get my x86_64
> laptop up to cooker this week so I can look at it. Since nothing major has
> changed on libldap/nss_ldap, I'm suspecting glibc and/or the
> under-linking/over-linking issues ...
>

I finally found the answer (well, really, what makes it happen).
The difference is in /etc/ldap.conf:

nss_connect_policy persist (it works)

vs

nss_connect_policy oneshot (it breaks).

It breaks both in x86-32 and x86-64. Some part of the code forgets to
reopen the connection in oneshot mode.

For example, in oneshot:

annwn:~> id
uid=3001(magallon) gid=3000(giga) groups=10(wheel),3000(giga)

but in persistent mode

annwn:~> id
uid=3001(magallon) gid=3000(giga) groups=10(wheel),3000(giga),3007(giga_m),3009(giga_r)

which is the correct answer. This was 386. In x86-64, it just fails to
find the name for group 3000. Some data is just garbage, is reading
from a closed connection.

If someone can reproduce, I can file a bug report upstream.
Or that's for the mantainer ?

TIA

--
J.A. Magallon <jamagallon()ono!com>   \          Software is like sex:
                          \      It's better when it's free
Mandriva Linux release 2009.0 (Cooker) for i586
Linux 2.6.25-jam18 (gcc 4.3.1 20080626 (GCC) #1 SMP