OpenSSH 4.6 (and higher) problem with LDAP

At work we upgraded some of our servers a while ago and ran into a problem when upgrading from OpenSSH 4.5 to 4.6. It just stopped working. We use LDAP authentication and it would log an error “‘user’ is not in ‘sshgroup’”.

“id user” would confirm that they were indeed in sshgroup, and interestingly enough, adding them to a local group “sshgroup” would not help either.

I found a Gentoo bug which provides some insight. It may be an x86_64 problem which has a patch in 4.7, but it is still happening on my servers in 5.1. In any case, commenting out the LpkSearchTimelimit and LpkBindTimelimit configuration settings in /etc/ssh/sshd_config solved the problem for me.
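The workaround above as a shell function (an added example, not part of the original post): it comments out any active LpkSearchTimelimit and LpkBindTimelimit lines in the sshd_config file it is given and keeps a backup of the original. The function name `disable_lpk_timelimits` and the `.bak` suffix are choices made for this example.

```shell
#!/bin/sh
# Added example: apply the workaround from the post to one sshd_config file.
# Prints the number of directives that were commented out.
# Usage: disable_lpk_timelimits /etc/ssh/sshd_config
disable_lpk_timelimits() {
    cfg=$1
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 1; }
    tmp=$(mktemp "$cfg.XXXXXX") || return 1

    # sshd_config keywords are case-insensitive and may be written as
    # "Keyword value" or "Keyword=value", so compare the lowercased first
    # token. Lines that already start with '#' never match.
    count=$(awk -v out="$tmp" '
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            split(line, parts, /[ \t=]+/)
            key = tolower(parts[1])
            if (key == "lpksearchtimelimit" || key == "lpkbindtimelimit") {
                n++
                result = "#" $0
            } else {
                result = $0
            }
            print result > out
        }
        END { print n + 0 }
    ' "$cfg") || { rm -f "$tmp"; return 1; }

    if [ "$count" -gt 0 ]; then
        # Back up only when something changes, so a second run does not
        # overwrite the copy of the original file.
        cp -p "$cfg" "$cfg.bak" || { rm -f "$tmp"; return 1; }
        # Write through the existing file to keep its owner and mode.
        cat "$tmp" > "$cfg" || { rm -f "$tmp"; return 1; }
    fi
    rm -f "$tmp"
    echo "$count"
}
```

After running it, validate the file with `sshd -t -f /etc/ssh/sshd_config` and keep an existing session open until a fresh login succeeds after restarting sshd.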
