On Friday 19 September 2008 09:34:28 J.A. Magallón wrote:
> On Wed, 18 Jun 2008 20:13:25 +0200, Buchan Milne <bgmilne@(protected)>
wrote:
> > On Thursday 12 June 2008 20:22:07 J.A. Magallón wrote:
> > > Hi all...
> > >
> > > I mantain two systems runing cooker, one 32 and other 64 bits.
> > > Both use the same LDAP server for authentication.
> >
> > And config is identical, nscd running or not on both ?
> >
> > > After the latest cooker update of ldap, the 64-bit box can not resolve
> > > the group IDs to group names:
> > >
> > > annwn:/etc# id magallon
> > > uid=3001(magallon) gid=3000(giga) groups=3000(giga),10(wheel)
> > >
> > > cicely:/etc# id magallon
> > > uid=3001(magallon) gid=3000 groups=3000,10(wheel)
> > >
> > > When I log in the 64bit box (cicely):
> > > belly:~> ssh cicely
> > > id: cannot find name for group ID 3000
> > > cicely:~>
> > >
> > > The setup (/etc/ldap.[conf,secret], nsswitch.conf and so on) is exactly
> > > the same, and both run the latest cooker updates.
> > >
> > > I used strace on 'id' for root, and noted some strange things
> > > (I have masked the real addresses...):
> > >
> > > annwn:
> > > ...
> > > getsockname(3, {sa_family=AF_INET, sin_port=htons(51248),
> > > sin_addr=inet_addr("155.210.xxx.xxx")}, [16]) = 0 getpeername(3,
> > > {sa_family=AF_INET, sin_port=htons(389),
> > > sin_addr=inet_addr("155.210.xxx.xxx")}, [16]) = 0 time(NULL)
> > >                              = 1213283622
> > > time(NULL)                              = 1213283622
> > > ...
> > >
> > >
> > > cicely:
> > > ...
> > > getsockname(3, {sa_family=AF_INET, sin_port=htons(34165),
> > > sin_addr=inet_addr("155.210.xxx.xxx")}, [16]) = 0 getpeername(3,
> > > {sa_family=AF_INET, sin_port=htons(389),
> > > sin_addr=inet_addr("155.210.xxx.xxx")}, [68719476752]) = 0
> > > gettimeofday({1213283637, 826073}, NULL) = 0
> > > gettimeofday({1213283637, 826220}, NULL) = 0
> > > ...
> > >
> > > Rarities:
> > >
> > > - why the code calls gettimeofday() in x86-64 and time(0) in x86-32 ?
> > > - why the parameters are strange in x86-64 ?
> >
> > I haven't had a chance to look yet ...
> >
> > > That strange value for size is repeated in many calls to getsockname
> > > and getpeername all along the trace.
> > >
> > > Is this a bug in glibc/nss_ldap ?
> >
> > None of my machines are up-to-date on cooker. I will try and get my
> > x86_64 laptop up to cooker this week so I can look at it. Since nothing
> > major has changed on libldap/nss_ldap, I'm suspecting glibc and/or the
> > under-linking/over-linking issues ...
>
> I finally found the answer (well, really, what makes it happen).
> The difference is in /etc/ldap.conf:
>
> nss_connect_policy persist (it works)
>
> vs
>
> nss_connect_policy oneshot (it breaks).
>
> It breaks both in x86-32 and x86-64. Some part of the code forgets to
> reopen the connection in oneshot mode.
>
> For example, in oneshot:
>
> annwn:~> id
> uid=3001(magallon) gid=3000(giga) groups=10(wheel),3000(giga)
>
> but in persistent mode
>
> annwn:~> id
> uid=3001(magallon) gid=3000(giga)
> groups=10(wheel),3000(giga),3007(giga_m),3009(giga_r)
>
> which is the correct answer. This was 386. In x86-64, it just fails to
> find the name for group 3000. Some data is just garbage, is reading
> from a closed connection.
>
> If someone can reproduce, I can file a bug report upstream.
> Or that's for the mantainer ?

Can you file upstream and cc me ?

Thanks,
Buchan