On Fri, 23 Jan 2009, Olf Epler wrote:

>   Hello Jon,
>
> if I start my ldap server in debug mode I can see
> that it answers on port 389 and also - the other case -
> on port 636.
> There is nothing wrong in the debug output from the server.
> On the other hand I found that a downgrade to nss_ldap-253-5
> should solve the problem. This is also not true or only a
> part of the game.
> In the case I try to login on console (ldaps configured)
> I get as root:
> pam_unix(login:session): session opened for user root
> ROOT LOGIN ON tty1
> pam_unix(login:session): session closed for user root
>
> and for other users:
> pam_console(login:session): handler '/sbin/pam_console_apply'
> caught a signal 13
>
> This is already posted in many sites.
>
> So I believe this is not a configuration problem, this is a
> bug in the nss/pam version that is used in SL-5.2.

Certainly almost all the problems which were reported look like they were 
caused/triggered by the newer nss_ldap update, so you might want to check 
the list archives in case any of the earlier messages show up config 
changes that might help fix the problem.  At least a couple of people 
reported configs which (with lapds/starttls) worked for them with the 
newer nss_ldap version.

The other errors sound a _bit_ like the problems with uid/gid lookups for 
processes (like udev/hald) which are started before lapd is available (and 
needed something adding to an exclusion list).  Again there were several 
earlier messages mentioning things to check/add.

> My next step is a full nss/pam downgrade to the SL-5.1 versions.
>
> Regards, Olf

  -- Jon