1.105.1. RHBA-2011:1030: nss_ldap bug fix update
An updated nss_ldap package that fixes various bugs is now available for Red Hat Enterprise Linux 5.
The nss_ldap package contains the nss_ldap and pam_ldap modules. The nss_ldap module allows applications to retrieve information about users and groups from a directory server. The pam_ldap module allows a directory server to be used by PAM-aware applications to verify user passwords.
This update fixes the following bugs:
* Prior to this update, using the getent utility to retrieve information about a group with a large number of users could take a very long time. This update applies a backported patch that addresses this issue and significantly improves the performance. (BZ#646329)
* When the "netgroup" entry in the /etc/nsswitch.conf configuration file is set to "ldap files" and the connection to an LDAP server cannot be established, the system is supposed to search local files for netgroups instead. Previously, querying such a system for netgroups could incorrectly produce an empty list. This update corrects this error, and when the "netgroup" entry is set to "ldap files" and the LDAP server is unavailable, local files are now searched as expected. (BZ#664609)
* When a system is configured to use LDAP accounts and a password expires, the relevant user is prompted to change it upon the next login. Previously, the pam_ldap module incorrectly allowed users to re-use their old passwords. With this update, this error no longer occurs, and users are no longer allowed to enter the same password when prompted to change it. (BZ#667758)
* Due to a possible assertion failure in the nss_ldap module, the previous version of the nss_ldap package may have caused various applications that rely on the libldap library to terminate unexpectedly. With this update, a patch has been applied to prevent this assertion failure, resolving this issue. (BZ#688601)
All users of nss_ldap are advised to upgrade to this updated package, which fixes these bugs.
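
The netgroup fallback described under BZ#664609 also depends on how the "netgroup" line itself is written. The following is an added example, not part of the advisory or of the nss_ldap package: a shell check that reports whether an nsswitch.conf-style file lets netgroup lookups fall through from ldap to files when the LDAP server is unavailable. It goes beyond the "ldap files" case in the text by also reading glibc action items such as [UNAVAIL=return], which stop the lookup at ldap; the function name and the result strings are assumptions made for this example.

```sh
#!/bin/sh
# Added example (hypothetical helper, not from the advisory).
# Usage: netgroup_fallback /etc/nsswitch.conf
# Prints one of: ok | blocked | no-files-after-ldap | no-ldap | no-entry
netgroup_fallback() {
    awk '
    found || /^[ \t]*#/ { next }            # use only the first netgroup line
    /^[ \t]*netgroup[ \t]*:/ {
        found = 1; result = "no-ldap"; unavail = "continue"
        line = tolower($0)
        sub(/#.*/, "", line)                      # drop a trailing comment
        sub(/^[ \t]*netgroup[ \t]*:/, "", line)   # keep only the source list
        gsub(/\[/, " [", line); gsub(/\]/, "] ", line)
        n = split(line, tok, /[ \t]+/)
        for (i = 1; i <= n; i++) {
            t = tok[i]
            if (t == "") continue
            if (t ~ /^\[/) inact = 1              # entering [STATUS=ACTION ...]
            closing = (t ~ /\]$/)
            gsub(/\[/, "", t); gsub(/\]/, "", t)
            if (inact) {
                # Only the action block directly after ldap matters here.
                if (t != "" && seen_ldap && !past) {
                    neg = (t ~ /^!/); sub(/^!/, "", t)
                    split(t, kv, "=")
                    # "!X=act" applies act to every status except X.
                    if ((!neg && kv[1] == "unavail") || (neg && kv[1] != "unavail")) {
                        unavail = kv[2]
                    }
                }
                if (closing) inact = 0
                continue
            }
            if (seen_ldap) {
                past = 1
                if (unavail == "return") { result = "blocked"; break }
                if (t == "files") { result = "ok"; break }
            } else if (t == "ldap") {
                seen_ldap = 1; result = "no-files-after-ldap"
            }
        }
    }
    END { print (found ? result : "no-entry") }
    ' "$1"
}
```

A result of "blocked" means the configuration returns at ldap when the server is unavailable, so local files are not consulted.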