Support #733
LDAP, /etc/nsswitch.conf
| Status: | Closed | Start date: | 04.04.2015 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | Calculate Linux Desktop KDE | Spent time: | - |
| Version: | 14.16 | | |
| Votes: | 1 | | |
Description

```
cat /etc/gentoo-release
Calculate Linux Desktop 14.16 KDE
```

```
uname -a
Linux calculate 3.18.9-calculate #1 SMP PREEMPT Fri Mar 13 17:20:01 UTC 2015 x86_64 Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz GenuineIntel GNU/Linux
```

The system takes a long time to boot and to log the user in, and LDAP complains in the /var/log/messages log.

```
rc-update -a slapd | default
```

But after a reboot it is not running:

```
/etc/init.d/slapd status
 * status: stopped
```

It starts when launched manually:

```
/etc/init.d/slapd start
 * Starting ldap-server ...
```

Log after the start:

```
Apr 4 16:47:45 calculate slapd[27345]: @(#) $OpenLDAP: slapd 2.4.38 (Mar 30 2015 19:50:18) $ @sandbox:/var/calculate/tmp/portage/net-nds/openldap-2.4.38-r2/work/openldap-2.4.38-abi_x86_64.amd64/servers/slapd
Apr 4 16:47:45 calculate slapd[27347]: hdb_db_open: warning - no DB_CONFIG file found in directory /var/lib/openldap-data: (2). Expect poor performance for suffix "dc=my-domain,dc=com".
Apr 4 16:47:46 calculate slapd[27347]: slapd starting
```

After some googling I noticed that the file /etc/nsswitch.conf had been modified recently, possibly after an update:

```
ls -l /etc/nsswitch.conf
-rw-r--r-- 1 root root 700 апр 2 18:35 nsswitch.conf
```

I deleted the file /etc/nsswitch.conf, after which booting and login proceed normally.

```
cat /etc/nsswitch.conf
#------------------------------------------------------------------------------
# Modified Calculate-core 3.3.1.7
# Processed template files:
# /var/lib/layman/calculate/profiles/templates/3.3/2_ac_install_merge/sys-libs/glibc/nsswitch.conf
# For modify this file, create /etc/nsswitch.conf.clt template.
#------------------------------------------------------------------------------
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
networks: files dns
services: files ldap
protocols: files ldap
rpc: db files
ethers: db files
netmasks: files
netgroup: files ldap
bootparams: files
automount: files ldap
aliases: files
```
History
Updated by Scott Bertilson over 9 years ago
I just ran into a similar problem in that I recently installed 14.12.1, had not updated for a few weeks, then updated last night; NOW I see a LOT of this sort of thing in /var/log/messages:
nss_ldap: failed to bind to LDAP server
Comparing with another instance (not yet updated) of CLDX, I see that, although it lists ldap in nsswitch.conf, it is missing /etc/ldap.conf so there is a quick end to attempts by pam_ldap to contact the LDAP server:
pam_ldap: missing file "/etc/ldap.conf"
This file is included with sys-auth/nss_ldap-265-r5 which is installed on both my non-updated and my updated host, but in my non-updated host /etc/ldap.conf isn't actually there.
I'm guessing that something changed in the templating / configuration setup which now allows the file to actually exist on the system....?
Updated by Scott Bertilson over 9 years ago
I'd see this as related or similar to the following from 7 months ago:
[openldap] nss_ldap failed to bind to LDAP (solved)
His solution was to edit /etc/nsswitch.conf to eliminate ldap from all the name services that had been using it. This seems like a reasonable approach to me, but I'd like to know if that's what would be the best approach (creating a template override to make it permanent).
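The workaround described in the comment above (dropping `ldap` from every database in nsswitch.conf), sketched as an added example that is not part of the original thread or of Calculate's templates. It goes slightly beyond the file shown in the description by also removing any `[STATUS=action]` spec bound to the removed source; the `netgroup` sample line and the fall-back to `files` are assumptions.

```python
import re

# Constructed sample: a few lines from the nsswitch.conf in the issue description,
# plus one hypothetical line with an action spec to exercise that case.
SAMPLE = """\
# Modified Calculate-core 3.3.1.7
passwd: files ldap
shadow: files ldap
group: files ldap
hosts: files dns
netgroup: ldap [NOTFOUND=return] files
aliases: files
"""

# Tokens on the right-hand side: a [STATUS=action ...] spec or a source name.
TOKEN = re.compile(r"\[[^\]]*\]|[^\s\[]+")


def strip_source(text, source="ldap"):
    """Remove `source` (and the action specs bound to it) from every database.

    Returns (new_text, names_of_changed_databases).
    """
    out, changed = [], []
    for line in text.splitlines():
        body, hash_, comment = line.partition("#")
        db, colon, rhs = body.partition(":")
        tokens = TOKEN.findall(rhs)
        if not colon or source not in tokens:
            out.append(line)  # comments, blanks and unaffected lines stay verbatim
            continue
        kept, skipping = [], False
        for tok in tokens:
            if not tok.startswith("["):
                skipping = tok == source  # a new source name ends the skipped run
            if not skipping:
                kept.append(tok)
        # Assumption: a database left with no source falls back to "files".
        new = f"{db.strip()}: {' '.join(kept) or 'files'}"
        out.append(new + (f"  #{comment}" if hash_ else ""))
        changed.append(db.strip())
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_text, changed = strip_source(SAMPLE)
    print(new_text, end="")
    print("changed:", ", ".join(changed))
```

On Calculate the generated file's own header says changes belong in a `/etc/nsswitch.conf.clt` template, so the output of such a script would go there rather than into the generated file.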
Updated by Scott Bertilson over 9 years ago
Is there any way to create a template that would strip ldap from nsswitch.conf unless there is an ldap server running or is there some other trigger that might be used so that this could be automatic?
Updated by Scott Bertilson over 9 years ago
Or, better yet, is there a way to modify the settings in /etc/ldap.conf or the behavior of nss_ldap so that it more quickly discerns that there is no LDAP server available to query and moves on to the next available name service source?
Updated by Mikhail Hiretsky over 9 years ago
Fixed in templates for nss_ldap (removing ldap.conf).
Updated by Scott Bertilson over 9 years ago
Thanks for the fix.
Could you comment (or point me to something to read) on how this would be re-applied if one were to install and try to activate a local LDAP server to answer these queries? Would the normal process be to create a local override for the template to keep the file from being removed?
Updated by Mikhail Hiretsky over 9 years ago
If you want to configure ldap.conf then you should create /etc/ldap.conf.clt file with contents
```
# Calculate merge(sys-auth/nss_ldap)!=&&pkg(sys-auth/nss_ldap)!=
... your configuration data ...
```
Updated by Alexander Tratsevskiy over 9 years ago
- Status changed from New to Closed