nss_ldap bug fix update

An updated nss_ldap package that fixes various bugs is now available.

The nss_ldap package contains the nss_ldap and pam_ldap modules. The
nss_ldap module is a plug-in which allows applications to retrieve
information about users and groups from a directory server. The pam_ldap
module allows PAM-aware applications to use a directory server to verify
user passwords.

This updated package addresses the following bugs:

* when resolving group membership information for a user, if the user
belonged to a nested group (that is, the group itself belonged to another
group), heap corruption and segmentation faults occurred. This update
backports improved parsing code which allows nss_ldap to handle nested
groups successfully. (BZ#426209, BZ#444086)

* nscd failed to close file descriptors when run against an LDAP
directory service. This resulted in loops which consumed all available
CPU. All file descriptors are now closed as part of this process, so the
error no longer presents. (BZ#491419)

* nss_ldap did not support paged results, so only partial lists were
returned when ennumerating users with getpwent(). Paged results are now
enabled and user lists should now be returned in full. (BZ#444058)

* man pages have been updated to include nss_ldap.5 and pam_ldap.5.
(BZ#447819)

Users are advised to upgrade to this updated package, which
resolves these issues.

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use
the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

444058 - [RFE] getpwent() not working with nss_ldap+ lots of users; add '--enable-paged-results' for nss_ldap
447819 - nss_ldap is missing man pages
491419 - leaking file descriptors

groups, manual