I recently set up a file server using Fedora and I configured it to run as a PDC with Samba and OpenLDAP. It had been running very smoothly until just last night when I discovered when I tried to restart the slapd service it would just sit there for a few minutes. After it did start I looked in /var/log/messages to see if I could glean some clues; it seems as part of "service slapd start" the system would request information from slapd in order to restart slapd. Seems pretty circular to me... I did not note any type of success message when slapd finally did wake up from suspended animation.
I did not set slapd to generate a log file previously but after I put in that parameter in slapd.conf and restarted the service I still didn't get any output. I did get this from /var/log/messages:
$ sudo tail -f /var/log/messages Feb 28 21:00:11 server0 slapd: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:00:15 server0 slapd: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... Feb 28 21:00:23 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:00:23 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:00:23 server0 slapd: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... Feb 28 21:00:39 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:00:39 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:00:39 server0 slapd: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... Feb 28 21:01:11 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:01:11 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:01:11 server0 slapd: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... Feb 28 21:02:15 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:02:15 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:02:15 server0 slapd: nss_ldap: could not search LDAP server - Server is unavailable Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)... Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)... Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... Feb 28 21:02:50 server0 smbd_audit: jtseng|10.1.0.106|create_file|fail (Is a directory)|0x20089|pictures Feb 28 21:02:50 server0 smbd_audit: jtseng|10.1.0.106|create_file|fail (Is a directory)|0x20089|pictures/porsche918 Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)... Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: could not search LDAP server - Server is unavailable
I stopped the log when slapd was up and running:
$ sudo service slapd restart Stopping slapd: [ OK ] Starting slapd: [ OK ] $ sudo service slapd status slapd (pid 5726) is running...
$ ps -ef | grep slapd ldap 5726 1 0 21:04 ? 00:00:00 /usr/sbin/slapd -h ldap:/// -u ldap jtseng 5756 5501 0 21:05 pts/2 00:00:00 grep slapd
My includes for slapd are as follows:
include /etc/openldap/schema/corba.schema include /etc/openldap/schema/core.schema include /etc/openldap/schema/cosine.schema include /etc/openldap/schema/duaconf.schema include /etc/openldap/schema/dyngroup.schema include /etc/openldap/schema/inetorgperson.schema include /etc/openldap/schema/java.schema include /etc/openldap/schema/misc.schema include /etc/openldap/schema/nis.schema include /etc/openldap/schema/openldap.schema include /etc/openldap/schema/ppolicy.schema include /etc/openldap/schema/collective.schema include /etc/openldap/schema/samba.schema include /etc/openldap/schema/autofs.schema include /etc/openldap/schema/ldapns.schema
I imagine I won't need all of those but aside from core, inetorgperson, openldap, samba, autofs and ldapns I wouldn't know what I can discard. I know including various schemas can add to the boot time but this has not shown itself to be a problem in the recent past. As far as users are concerned it's just me, the wife, my son and three workstations.
I hope someone can clue me in... Thanks.
- Joe
Am Tue, 1 Mar 2011 09:37:05 -0500 schrieb Joe Tseng joe_tseng@hotmail.com:
I recently set up a file server using Fedora and I configured it to run as a PDC with Samba and OpenLDAP. It had been running very smoothly until just last night when I discovered when I tried to restart the slapd service it would just sit there for a few minutes. After it did start I looked in /var/log/messages to see if I could glean some clues; it seems as part of "service slapd start" the system would request information from slapd in order to restart slapd. Seems pretty circular to me... I did not note any type of success message when slapd finally did wake up from suspended animation.
I did not set slapd to generate a log file previously but after I put in that parameter in slapd.conf and restarted the service I still didn't get any output. I did get this from /var/log/messages:
$ sudo tail -f /var/log/messages Feb 28 21:00:11 server0 slapd: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server Feb 28
[...]
I hope someone can clue me in... Thanks.
It seems slapd is down, run slapd in debugging mode ./slapd -h ldap:/// -F /etc/openldap/slapd.d -u <user> -g >group> -d256
If this doesn't give any information set debugging level to something more informative, according to man slapd.conf(5) parameter loglevel.
-Dieter
----- "Joe Tseng" joe_tseng@hotmail.com wrote:
I recently set up a file server using Fedora and I configured it to run as a PDC with Samba and OpenLDAP. It had been running very smoothly until just last night when I discovered when I tried to restart the slapd service it would just sit there for a few minutes. After it did start I looked in /var/log/messages to see if I could glean some clues; it seems as part of "service slapd start" the system would request information from slapd in order to restart slapd.
The question here is, what is "the system". The answer is, NSS, most likely NSS calling nss_ldap.
Seems pretty circular to me... I did not note any type of success message when slapd finally did wake up from suspended animation.
It's not really slapd that was suspended, as is evident from your logs, but nss_ldap.
Did you try and restart any other services while ldap was not running? Did you notice they exhibited the same behaviour?
Anyway, easiest fix for now:
echo "bind_policy soft" >> /etc/ldap.conf
Regards, Buchan
I found the link below that sounds exactly like my problem:
https://bugzilla.redhat.com/show_bug.cgi?id=553032
I did notice httpd was hung. I configured it so it'd auth against LDAP for my SVN repos; it started right up by hand after slapd was running. My rpcidmapd also hung - is there a dependency there too?
BTW "bind_policy soft" works for me. Thank you for the help!
- Joe
(FYI I'm running F12 because that's what was available for Amahi back in November. Since Amahi 6 for F14 is released today I'll work on upgrading my PDC this weekend.)
-----Original Message----- From: Buchan Milne Sent: Wednesday, March 02, 2011 5:11 AM To: Joe Tseng Cc: openldap-technical@openldap.org Subject: Re: Slapd restarting slowly
----- "Joe Tseng" joe_tseng@hotmail.com wrote:
I recently set up a file server using Fedora and I configured it to run as a PDC with Samba and OpenLDAP. It had been running very smoothly until just last night when I discovered when I tried to restart the slapd service it would just sit there for a few minutes. After it did start I looked in /var/log/messages to see if I could glean some clues; it seems as part of "service slapd start" the system would request information from slapd in order to restart slapd.
The question here is, what is "the system". The answer is, NSS, most likely NSS calling nss_ldap.
Seems pretty circular to me... I did not note any type of success message when slapd finally did wake up from suspended animation.
It's not really slapd that was suspended, as is evident from your logs, but nss_ldap.
Did you try and restart any other services while ldap was not running? Did you notice they exhibited the same behaviour?
Anyway, easiest fix for now:
echo "bind_policy soft" >> /etc/ldap.conf
Regards, Buchan
openldap-technical@openldap.org
-
Buchan Milne -
Dieter Kluenter -
Joe Tseng