Subject: port-i386/33974: nss_ldap bug
To: None <port-i386-maintainer@netbsd.org, gnats-admin@netbsd.org,>
From: None <elekktretterr@exemail.com.au>
List: netbsd-bugs
Date: 07/11/2006 10:55:00
>Number:         33974
>Category:       port-i386
>Synopsis:       nss_ldap bug
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    port-i386-maintainer
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Jul 11 10:55:00 +0000 2006
>Originator:     Petr
>Release:        3.0
>Organization:
>Environment:
NetBSD neptune 3.0 NetBSD 3.0 (GENERIC) #0: Mon Dec 19 01:04:02 UTC 2005  builds@works.netbsd.org:/home/builds/ab/netbsd-3-0-RELEASE/i386/200512182024Z-obj/home/builds/ab/netbsd-3-0-RELEASE/src/sys/arch/i386/compile/GENERIC i386
>Description:
Ok guys, I've encountered a critical problem with nss_ldap. This is on a production system and I need a fix ASAP.

The system runs Samba 3 with OpenLDAP backend. 

The problem is the following: once group membership reaches a certain number of users, the group just disappears from the system. "getent groups" doesn't have the group and its users anymore, and "groups" only shows the gid of the group, not the actual name of the group. nsswitch.conf has

group:          files ldap

I did read the bug report here:
http://mail-index.netbsd.org/pkgsrc-bugs/2006/03/04/0006.html

I downloaded the fixed netbsd.c and placed it in /usr/pkgsrc/databases/nss_ldap/files, overwriting the old one, and reinstalled the package, but the problem persists.

Please, someone have a look at it. It's urgent!

Cheers,
>How-To-Repeat:
Well, I think if you had the same setup as me (Samba 3, nss_ldap, pam_ldap, and OpenLDAP) then you could replicate it: add around 50 users, and the group with 50 users will disappear.
>Fix:
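
One way to confirm which groups are affected, added here as an example and not part of the original report: compare the posixGroup entries held in the directory with the groups NSS actually returns. The LDIF and `getent group` text below are constructed samples; the function names and the example.org DNs are assumptions.

```python
"""Report LDAP posixGroup entries that NSS no longer resolves by name."""

def parse_ldif_groups(ldif):
    """Return {gid: (name, [members])} for posixGroup entries in LDIF text."""
    groups = {}
    for entry in ldif.strip().split("\n\n"):
        entry = entry.replace("\n ", "")          # undo LDIF line folding
        attrs = {}
        for line in entry.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                attrs.setdefault(key.lower(), []).append(value)
        if "posixGroup" in attrs.get("objectclass", []):
            gid = int(attrs["gidnumber"][0])
            groups[gid] = (attrs["cn"][0], attrs.get("memberuid", []))
    return groups

def parse_getent_groups(text):
    """Return {gid: name} from lines shaped name:passwd:gid:members."""
    seen = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            seen[int(fields[2])] = fields[0]
    return seen

def missing_groups(ldif, getent_text):
    """List (name, gid, member_count) for directory groups NSS does not return."""
    visible = parse_getent_groups(getent_text)
    return sorted(
        (name, gid, len(members))
        for gid, (name, members) in parse_ldif_groups(ldif).items()
        if visible.get(gid) != name
    )

# Constructed sample: a 2-member group and a 50-member group in the directory,
# while the host's group database only lists the small one.
SAMPLE_LDIF = "\n\n".join([
    "dn: cn=admins,ou=Groups,dc=example,dc=org\nobjectClass: posixGroup\n"
    "cn: admins\ngidNumber: 1000\nmemberUid: alice\nmemberUid: bob",
    "dn: cn=staff,ou=Groups,dc=example,dc=org\nobjectClass: posixGroup\n"
    "cn: staff\ngidNumber: 1001\n"
    + "\n".join(f"memberUid: user{i:02d}" for i in range(50)),
])
SAMPLE_GETENT = "wheel:*:0:root\nadmins:*:1000:alice,bob\n"

if __name__ == "__main__":
    for name, gid, count in missing_groups(SAMPLE_LDIF, SAMPLE_GETENT):
        print(f"{name} (gid {gid}, {count} members) is in LDAP but not in NSS")
```

Sorting the result by member count shows whether the missing groups share a size threshold, which matters because file ownership and access checks that rely on the group name stop matching while the group is unresolved.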