chris.c.hogan Apprentice
Joined: 02 Oct 2005 Posts: 189
Posted: Fri Jul 07, 2006 7:01 am Post subject: A very buggy startup
I've noticed quite a few problems lately with my system startup.
The problem started with bug 99564. The ebuild maintainer reduced the problem as much as possible with nss_ldap-250-r1. However, I still consider it a bug that nss_ldap is trying to connect to the LDAP server before any network interfaces are set up. It should just fail if called from the boot run-level.
I've noticed other problems related to nsswitch.conf since then.
In comment #28 in the above bug, /etc/init.d/bootmisc causes problems because of this line:
Code: |
chown 0:0 /tmp/.{ICE,X11}-unix
|
chown 0:0 causes an LDAP lookup. However, if you change it to chown root:root, it fixes the problem. No LDAP lookup. Why?
My nsswitch.conf reads:
Code: |
passwd: files ldap
group: files ldap
shadow: files ldap
|
From my reading of the man page, this means that a name lookup should look in the local files first. If that fails, then it should look in LDAP. When I was hit by the nss_ldap bug, I noticed every system account was being looked up in LDAP. Every service (including LDAP) took forever to start because of this. It seems the lookup is taking place in reverse, LDAP then files. Why?
I recently updated bind. It currently won't start if LDAP is in my nsswitch.conf. I can see in the logs that it's looking up the named account in LDAP. There is a named account in the local files. There is not in LDAP. Bind fails because LDAP says the account doesn't exist. getent passwd shows the account does exist in the local files.
Code: |
emerge -pv bind
[ebuild R ] net-dns/bind-9.3.2-r1 USE="berkdb doc ipv6 ldap mysql ssl threads -dlz -idn* -odbc -postgres" 0 kB
getent passwd | grep named
named:x:40:40:bind:/var/bind:/bin/false
|
A segment of my /var/log/syslog:
Quote: |
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=1 BIND dn="" method=128
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=1 RESULT tag=97 err=0 text=
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=2 SRCH base="ou=People,dc=iranet,dc=internal" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=named))"
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
|
Bind doesn't leave any logs because it never starts. I have it set chroot, which fails.
The last problem I'm having with my system startup involves changes to the /etc/conf.d/rc file. The latest base-layout includes support for starting init scripts when devices are hot-plugged. Cool idea. However, unless I disable this feature or stop it from working with network devices, it tries to start the network init scripts at the boot run level. Shouldn't this be implemented in the default run level? It would prevent an error.
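One way to check whether account lookups that the local files can answer are still reaching slapd, using the log segment and passwd entry quoted in the post above. This is an added example, not code from either poster; the function names, the root passwd line and the (uidNumber=N) filter form are assumptions.

```python
import re

# Constructed sample input: the slapd lines and the named entry are quoted from
# the post; the root entry is an assumed, typical local account.
SYSLOG = """\
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=1 BIND dn="" method=128
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=1 RESULT tag=97 err=0 text=
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=2 SRCH base="ou=People,dc=iranet,dc=internal" scope=1 deref=0 filter="(&(objectClass=posixAccount)(uid=named))"
Jul 5 16:06:31 irasrv1 slapd[8897]: conn=246 op=2 SEARCH RESULT tag=101 err=0 nentries=0 text=
"""
PASSWD = "root:x:0:0:root:/root:/bin/bash\nnamed:x:40:40:bind:/var/bind:/bin/false\n"

SRCH = re.compile(r'conn=(\d+) op=(\d+) SRCH .*filter="(.*)"')
RESULT = re.compile(r'conn=(\d+) op=(\d+) SEARCH RESULT .*nentries=(\d+)')
# (uid=NAME) is the filter shown in the post; (uidNumber=N) is an assumed form.
ATTR = re.compile(r'\((uid|uidNumber)=([^)*]+)\)')

def local_accounts(passwd_text):
    """Map account name -> numeric uid (as text) from passwd-format text."""
    accounts = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and not line.startswith("#"):
            accounts[fields[0]] = fields[2]
    return accounts

def ldap_account_searches(syslog_text):
    """Pair each account SRCH with its SEARCH RESULT by (conn, op)."""
    pending, done = {}, []
    for line in syslog_text.splitlines():
        if (m := SRCH.search(line)) and (a := ATTR.search(m.group(3))):
            pending[m.group(1), m.group(2)] = {"attr": a.group(1), "value": a.group(2)}
        elif (m := RESULT.search(line)) and (m.group(1), m.group(2)) in pending:
            entry = pending.pop((m.group(1), m.group(2)))
            entry["nentries"] = int(m.group(3))
            done.append(entry)
    return done

def served_by_files(syslog_text, passwd_text):
    """LDAP searches for accounts that the local passwd text already holds."""
    accounts = local_accounts(passwd_text)
    uids = set(accounts.values())
    return [s for s in ldap_account_searches(syslog_text)
            if (s["attr"] == "uid" and s["value"] in accounts)
            or (s["attr"] == "uidNumber" and s["value"] in uids)]

if __name__ == "__main__":
    for s in served_by_files(SYSLOG, PASSWD):
        print(f"{s['attr']}={s['value']} is local but was searched in LDAP (nentries={s['nentries']})")
```

An empty result means every logged search was for a name or uid that the supplied passwd text does not hold.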
demiurgo n00b
Joined: 16 Feb 2004 Posts: 7 Location: Mexico
Posted: Wed Jul 12, 2006 12:57 am Post subject: similar issue between named and slapd
I had a similar problem. In my case, named was being started before slapd, so I hacked /etc/init.d/slapd and /etc/init.d/named a bit, like this:
slapd:
Code: |
depend() {
	need net
	provide ldap
}
|
named:
Code: |
depend() {
	need net
	need ldap
	use logger
	provide dns
}
|
Basically, I "invented" the ldap keyword for service dependencies. I think, though, this should be handled by the ebuilds, given that there is an ldap USE flag.