LDAP user database errors

If your machine uses an external LDAP server for the user database, and you see this error:

id: ldap-nss.c:1376: do_init: Assertion `cfg->ldc_uris[__session.ls_current_uri] != ((void *)0)' failed.

The solution is to check that you have no passwords in /etc/libnss-ldap.conf and make it world readable, because software needs to access it in order to access the user database.
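The check described above, as an added shell example that is not part of the original post: it only relaxes permissions when no active `bindpw` line is present, and also verifies that /etc/libnss-ldap.secret, the file meant for passwords, is not world readable. The function names, return codes and the 644 mode are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit /etc/libnss-ldap.conf before making it world readable.
# Return codes (chosen for this example):
#   0 = no bind password, world readable
#   1 = bind password present; do not open up the file
#   2 = no bind password, but not world readable (the assertion case)
#   3 = file missing
check_nss_ldap_conf() {
    conf=${1:-/etc/libnss-ldap.conf}
    [ -f "$conf" ] || { echo "$conf: not found"; return 3; }

    # An active (uncommented) bindpw directive means a credential is stored here.
    if grep -Eiq '^[[:space:]]*bindpw[[:space:]]+[^[:space:]]' "$conf"; then
        echo "$conf: contains bindpw; remove it before relaxing permissions"
        return 1
    fi

    # Check the mode bits rather than [ -r ]: root can read anything.
    if [ -z "$(find -L "$conf" -prune -perm -004)" ]; then
        echo "$conf: no password, but not world readable"
        return 2
    fi
    echo "$conf: ok"
    return 0
}

# Make the file world readable only when the check says it is safe to do so.
fix_nss_ldap_conf() {
    conf=${1:-/etc/libnss-ldap.conf}
    rc=0
    check_nss_ldap_conf "$conf" || rc=$?
    case $rc in
        0) return 0 ;;
        2) chmod 644 "$conf" && echo "$conf: mode set to 644" ;;
        *) return 1 ;;
    esac
}

# The secret file is the opposite case: it must NOT be world readable.
check_nss_ldap_secret() {
    secret=${1:-/etc/libnss-ldap.secret}
    [ -f "$secret" ] || return 0
    [ -z "$(find -L "$secret" -prune -perm -004)" ] ||
        { echo "$secret: world readable, tighten it"; return 1; }
}
```

Source the file and run `fix_nss_ldap_conf` as root; it refuses to touch a file that still carries a password.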

This is apparently "normal" folk knowledge. Already in the BTS.

Now, why is /etc/libnss-ldap.conf not world readable by default? Because a debconf question offers it to be that way. Why does it do so? I have no idea, since passwords should go in the non-world-readable /etc/libnss-ldap.secret anyway.

Why do we get that assertion instead of something like "cannot read /etc/libnss-ldap.conf"?

These sorts of obscure errors or behaviours happen so often that I start to believe it's an intentional coding style. Maybe LDAP needs to be something for élite sysadmins with a painful initiation path, so that only the Worthy and Pure of Spirit can use the only sane way to have a central user database in Linux.

I almost feel like if I disclose these tricky bits one day I will be tied to a rock with an eagle eating my liver.