Hi. I've got a weird one for you.
System: CentOS 5, kernel 2.6.18-53.1.4 64-bit
OpenLDAP: openldap-2.3.27 from RPM (openldap-servers-2.3.27-8.el5_1.3)
I'm using OpenLDAP for authentication via pam_ldap and this is going to be the secondary server (if I can ever get replication to work).
However, that's not the issue right now. This machine won't start LDAP unless I remove the "ldap" part from the "group" line of /etc/nsswitch.conf.
Won't start: group: files ldap
Will start: group: files
There are no log messages indicating a problem. slapd simply won't start. Has anyone ever heard of such a screwup and if so, any ideas as to what the fark is going on?
----------------------------------------------------------------------
- Rick Stevens, Unix Geek                          rps2@socal.rr.com -
-                                                                    -
-     If this is the first day of the rest of my life...             -
-                      I'm in BIG trouble!                           -
----------------------------------------------------------------------
On Tue, 1 Apr 2008, Rick Stevens wrote: ...
> However, that's not the issue right now. This machine won't start LDAP unless I remove the "ldap" part from the "group" line of /etc/nsswitch.conf.
> Won't start: group: files ldap
Do you start slapd with the -g option specifying a group that it should run as? Is that group defined in the /etc/group file? (If "no" for the latter, just how did you expect it to get the gid to run as?)
> There are no log messages indicating a problem. slapd simply won't start.
You mean it exits? Or does it hang? Have you tried starting it with the option "-d255"?
Philip Guenther
On Tue, Apr 1, 2008 at 6:08 PM, Rick Stevens <rps2@socal.rr.com> wrote:
> Hi. I've got a weird one for you.
> System: CentOS 5, kernel 2.6.18-53.1.4 64-bit
> OpenLDAP: openldap-2.3.27 from RPM (openldap-servers-2.3.27-8.el5_1.3)
> I'm using OpenLDAP for authentication via pam_ldap and this is going to be the secondary server (if I can ever get replication to work).
> However, that's not the issue right now. This machine won't start LDAP unless I remove the "ldap" part from the "group" line of /etc/nsswitch.conf.
> Won't start: group: files ldap
> Will start: group: files
> There are no log messages indicating a problem. slapd simply won't start. Has anyone ever heard of such a screwup and if so, any ideas as to what the fark is going on?
nss_ldap issue, easiest solution for now is to add:
bind_policy soft
to /etc/ldap.conf
Regards, Buchan
Well, "slapd -d" and/or gdb should show you where it's hanging, which would be Very Useful Information.
We've found that CentOS 5 really, really, REALLY likes:
The bind_policy soft option forbids nss_ldap from retrying failed LDAP queries. If the default bind policy is used, LDAP will retry a query several times when the LDAP server is not present. This can cause a pause of several seconds during routine operations.
Maybe you can try that. I can document the "pause of several seconds" extending for hours. No, this should not be the case. No, this isn't the case on my Solaris boxes.
On Tue, 1 Apr 2008, Rick Stevens wrote:
> Hi. I've got a weird one for you.
> System: CentOS 5, kernel 2.6.18-53.1.4 64-bit
> OpenLDAP: openldap-2.3.27 from RPM (openldap-servers-2.3.27-8.el5_1.3)
> I'm using OpenLDAP for authentication via pam_ldap and this is going to be the secondary server (if I can ever get replication to work).
> However, that's not the issue right now. This machine won't start LDAP unless I remove the "ldap" part from the "group" line of /etc/nsswitch.conf.
> Won't start: group: files ldap
> Will start: group: files
> There are no log messages indicating a problem. slapd simply won't start. Has anyone ever heard of such a screwup and if so, any ideas as to what the fark is going on?
openldap-software@openldap.org
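An added example, not written by anyone in the thread: a small Python check for the combination discussed above, NSS databases that list `ldap` in /etc/nsswitch.conf while nss_ldap's /etc/ldap.conf does not set `bind_policy soft`. The function names are hypothetical, the sample file contents are constructed, and reporting the last `bind_policy` line when several are present is an assumption.

```python
import re

# Constructed sample file contents (not taken from the hosts in the thread).
NSSWITCH = """\
passwd: files ldap
group:  files [NOTFOUND=continue] ldap
hosts:  files dns
"""
LDAP_CONF_DEFAULT = "host 127.0.0.1\nbase dc=example,dc=com\n#bind_policy soft\n"
LDAP_CONF_SOFT = "host 127.0.0.1\nbase dc=example,dc=com\nbind_policy soft\n"

def nss_ldap_databases(nsswitch_text):
    """Return the NSS databases whose source list includes 'ldap'."""
    hits = []
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        # Remove [STATUS=ACTION] items so only service names remain.
        services = re.sub(r"\[[^\]]*\]", " ", sources).split()
        if "ldap" in services:
            hits.append(db.strip())
    return hits

def bind_policy(ldap_conf_text):
    """Return the bind_policy value from ldap.conf text, or None if unset."""
    value = None
    for raw in ldap_conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "bind_policy":
            value = parts[1].lower()             # assumption: last line is reported
    return value

def audit(nsswitch_text, ldap_conf_text):
    """Flag databases that go through nss_ldap without bind_policy soft."""
    dbs = nss_ldap_databases(nsswitch_text)
    policy = bind_policy(ldap_conf_text)
    # Without 'soft', lookups for these databases retry while the LDAP
    # server is unreachable, e.g. while slapd on the same host is starting.
    at_risk = [] if policy == "soft" else dbs
    return {"ldap_databases": dbs, "bind_policy": policy, "at_risk": at_risk}

if __name__ == "__main__":
    print(audit(NSSWITCH, LDAP_CONF_DEFAULT))
    print(audit(NSSWITCH, LDAP_CONF_SOFT))
```

To check a real host, pass the contents of /etc/nsswitch.conf and /etc/ldap.conf to `audit()` instead of the sample strings.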