On Mon, 2014-06-23 at 06:22 -0700, Howard Chu wrote:
Jakub Hrozek wrote:
On Wed, 2014-06-11 at 08:41 +0200, Jan Synacek wrote:
Is it intentional? If yes, could you please explain why, or point me to a documentation where I can find the answer?
A backtrace and a snippet of code follow:
#8 0x00007fda39c9e163 in __gethostbyname_r ( name=name@entry=0x7fff2548d140 "client.example.com", resbuf=resbuf@entry=0x7fff2548d120, buffer=0x1f33590 "\177", buflen=buflen@entry=992, result=result@entry=0x7fff2548d118, h_errnop=h_errnop@entry=0x7fff2548d10c) at ../nss/getXXbyYY_r.c:266 #9 0x00007fda3bb1b3de in ldap_pvt_gethostbyname_a ( name=name@entry=0x7fff2548d140 "client.example.com", resbuf=resbuf@entry=0x7fff2548d120, buf=buf@entry=0x7fff2548d110, result=result@entry=0x7fff2548d118, herrno_ptr=herrno_ptr@entry=0x7fff2548d10c) at util-int.c:350 #10 0x00007fda3bb1b5d0 in ldap_pvt_get_fqdn (name=0x7fff2548d140 "client.example.com", name@entry=0x0) at util-int.c:748 #11 0x00007fda3bb19b47 in ldap_int_initialize ( gopts=gopts@entry=0x7fda3bd40000 <ldap_int_global_options>, dbglvl=dbglvl@entry=0x0) at init.c:645 #12 0x00007fda3bb1a627 in ldap_set_option (ld=0x0, option=24582, invalue=0x7fff2548d2b0) at options.c:446 #13 0x00007fda30951cf6 in setup_tls_config (basic_opts=0x1f30450) at src/providers/ldap/sdap.c:533 #14 0x00007fda308214b3 in ldap_id_init_internal (bectx=0x1f12b40, ops=0x1f12cb0, pvt_data=0x7fff2548d5e8) at src/providers/ldap/ldap_init.c:146 #15 0x00007fda30821ba0 in sssm_ldap_id_init (bectx=0x1f12b40, ops=0x1f12cb0, pvt_data=0x1f12cb8) at src/providers/ldap/ldap_init.c:199 #16 0x000000000041b227 in load_backend_module (ctx=0x1f12b40, bet_type=BET_ID, bet_info=0x1f12ca8, default_mod_name=0x0) at src/providers/data_provider_be.c:2346 #17 0x000000000041ce4c in be_process_init (mem_ctx=0x1f0ba80, be_domain=0x1f093f0 "localipaldap", ev=0x1f0a630, cdb=0x1f0bb90) at src/providers/data_provider_be.c:2520 #18 0x000000000041fde6 in main (argc=3, argv=0x7fff2548e008) at src/providers/data_provider_be.c:2743
735 /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option, 736 * because the SSL/TLS context is initialized from this value. */ 737 ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT, 738 &ldap_opt_x_tls_require_cert); 739 if (ret != LDAP_OPT_SUCCESS) { 740 DEBUG(SSSDBG_CRIT_FAILURE, 741 "ldap_set_option failed: %s\n",sss_ldap_err2string(ret)); 742 return EIO; 743 }
Thanks,
Hi,
I already replied on the 18th, but I sent the mail to Jan only by accident. I'm copying my previous reply below:
FWIW, the backtrace comes from the SSSD. Only frames #14 and up are really relevant.
Since SSSD is often used in some kind of offline mode (either completely offline or just not connected to the VPN), startup should in my opinion be non-blocking.
Could there maybe be an option to pass in the hostname during initialization instead of having openldap figure it out? I'm fine with contributing a patch, if we agree on what the direction should be.
Put the hostname in /etc/hosts, end of story.
I don't think it's that simple. What IP address you'd put there? The public one? Then you'd break dynamic DNS and roaming clients (keep in mind this issue mostly hits laptops) as the client would have to synchronize the new IP address and the /etc/hosts record.
You could probably also try 127.0.0.1 (IIRC some distros even had this default record in /etc/hosts..) but then I suspect various issues with Kerberos..
What I was going to propose was an option that would let you set what ldap_pvt_get_fqdn() instead of the normalisation done with gethostname() and the following ldap_pvt_gethostbyname_a().