Support #733
LDAP, /etc/nsswitch.conf
| Status: | Closed | Start: | 04/04/2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Calculate Linux Desktop KDE | Spent time: | - |
| Target version: | 14.16 | | |
| Votes: | 1 | | |
Description
    cat /etc/gentoo-release
    Calculate Linux Desktop 14.16 KDE

    uname -a
    Linux calculate 3.18.9-calculate #1 SMP PREEMPT Fri Mar 13 17:20:01 UTC 2015 x86_64 Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz GenuineIntel GNU/Linux

The system takes a long time to boot and to log the user in, and LDAP complains in the /var/log/messages log.

    rc-update -a slapd | default

But after a reboot it is not running:

    /etc/init.d/slapd status
     * status: stopped

It starts manually:

    /etc/init.d/slapd start
     * Starting ldap-server ...

Log after the start:

    Apr 4 16:47:45 calculate slapd[27345]: @(#) $OpenLDAP: slapd 2.4.38 (Mar 30 2015 19:50:18) $ @sandbox:/var/calculate/tmp/portage/net-nds/openldap-2.4.38-r2/work/openldap-2.4.38-abi_x86_64.amd64/servers/slapd
    Apr 4 16:47:45 calculate slapd[27347]: hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/openldap-data: (2). Expect poor performance for suffix "dc=my-domain,dc=com".
    Apr 4 16:47:46 calculate slapd[27347]: slapd starting

I googled around and as a result noticed that the file /etc/nsswitch.conf had been modified recently, possibly after an update:

    ls -l /etc/nsswitch.conf
    -rw-r--r-- 1 root root 700 апр 2 18:35 nsswitch.conf

I deleted the file /etc/nsswitch.conf, after which booting and login proceed normally.

    cat /etc/nsswitch.conf
    #------------------------------------------------------------------------------
    # Modified Calculate-core 3.3.1.7
    # Processed template files:
    # /var/lib/layman/calculate/profiles/templates/3.3/2_ac_install_merge/sys-libs/glibc/nsswitch.conf
    # For modify this file, create /etc/nsswitch.conf.clt template.
    #------------------------------------------------------------------------------
    passwd: files ldap
    shadow: files ldap
    group: files ldap
    hosts: files dns
    networks: files dns
    services: files ldap
    protocols: files ldap
    rpc: db files
    ethers: db files
    netmasks: files
    netgroup: files ldap
    bootparams: files
    automount: files ldap
    aliases: files
History
Updated by Scott Bertilson over 9 years ago
I just ran into a similar problem in that I recently installed 14.12.1, had not updated for a few weeks, then updated last night; NOW I see a LOT of this sort of thing in /var/log/messages:
nss_ldap: failed to bind to LDAP server
Comparing with another instance (not yet updated) of CLDX, I see that, although it lists ldap in nsswitch.conf, it is missing /etc/ldap.conf so there is a quick end to attempts by pam_ldap to contact the LDAP server:
pam_ldap: missing file "/etc/ldap.conf"
This file is included with sys-auth/nss_ldap-265-r5 which is installed on both my non-updated and my updated host, but in my non-updated host /etc/ldap.conf isn't actually there.
I'm guessing that something changed in the templating / configuration setup which now allows the file to actually exist on the system....?
Updated by Scott Bertilson over 9 years ago
I'd see this as related or similar to the following from 7 months ago:
[openldap] nss_ldap failed to bind to LDAP (solved)
His solution was to edit /etc/nsswitch.conf to eliminate ldap from all the name services that had been using it. This seems like a reasonable approach to me, but I'd like to know if that's what would be the best approach (creating a template override to make it permanent).
Updated by Scott Bertilson over 9 years ago
Is there any way to create a template that would strip ldap from nsswitch.conf unless there is an ldap server running or is there some other trigger that might be used so that this could be automatic?
Updated by Scott Bertilson over 9 years ago
Or, better yet, is there a way to modify the settings in /etc/ldap.conf or the behavior of nss_ldap so that it more quickly discerns that there is no LDAP server available to query and moves on to the next available name service source?
Updated by Mikhail Hiretsky over 9 years ago
Fixed in templates for nss_ldap (removing ldap.conf).
Updated by Scott Bertilson over 9 years ago
Thanks for the fix.
Could you comment (or point me to something to read) on how this would be re-applied if one were to install and try to activate a local LDAP server to answer these queries? Would the normal process be to create a local override for the template to keep the file from being removed?
Updated by Mikhail Hiretsky over 9 years ago
If you want to configure ldap.conf then you should create /etc/ldap.conf.clt file with contents
    # Calculate merge(sys-auth/nss_ldap)!=&&pkg(sys-auth/nss_ldap)!=
    ... your configuration data ...
Updated by Alexander Tratsevskiy over 9 years ago
- Status changed from New to Closed
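
Added example, not part of the thread and not Calculate's template code: a Python version of the workaround discussed above (removing ldap from the name services in /etc/nsswitch.conf), run on the entries posted in the description. The function names `ldap_databases` and `strip_ldap` are hypothetical, and the `[STATUS=action]` handling goes beyond the posted file, which contains no action groups.

```python
import re

# Entries from the /etc/nsswitch.conf posted in the description (header comments omitted).
SAMPLE = """\
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
networks: files dns
services: files ldap
protocols: files ldap
rpc: db files
ethers: db files
netmasks: files
netgroup: files ldap
bootparams: files
automount: files ldap
aliases: files
"""

ENTRY = re.compile(r"^\s*([A-Za-z_]+):\s*(.*?)\s*(#.*)?$")
TOKEN = re.compile(r"\[[^\]]*\]|\S+")  # a source name or a [STATUS=action] group


def ldap_databases(text):
    """Names of the databases whose lookups are passed to nss_ldap."""
    hits = (ENTRY.match(line) for line in text.splitlines())
    return [m.group(1) for m in hits if m and "ldap" in TOKEN.findall(m.group(2))]


def strip_ldap(text):
    """Return the file text with the ldap source removed from every entry."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        tokens = TOKEN.findall(m.group(2)) if m else []
        if "ldap" not in tokens:
            out.append(line)  # comments, blanks and ldap-free entries pass through
            continue
        kept, dropped = [], False
        for tok in tokens:
            if tok == "ldap":
                dropped = True  # an action group right after ldap goes with it
            elif not (tok.startswith("[") and dropped):
                kept.append(tok)
                dropped = False
        tail = f" {m.group(3)}" if m.group(3) else ""
        out.append(f"{m.group(1)}: {' '.join(kept)}{tail}")
    return "\n".join(out) + "\n"
```

On a Calculate system the cleaned result would go into a template override rather than straight into /etc/nsswitch.conf, since the file header shows the file is regenerated from templates.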