From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1IjwBf-00034Q-4r for garchives@archives.gentoo.org; Mon, 22 Oct 2007 12:15:15 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.1/8.14.0) with SMTP id l9MCENIM002549; Mon, 22 Oct 2007 12:14:23 GMT Received: from moutng.kundenserver.de (moutng.kundenserver.de [212.227.126.174]) by robin.gentoo.org (8.14.1/8.14.0) with ESMTP id l9MCCUaV032687 for ; Mon, 22 Oct 2007 12:12:30 GMT Received: from bs.l (e180058089.adsl.alicedsl.de [85.180.58.89]) by mrelayeu.kundenserver.de (node=mrelayeu1) with ESMTP (Nemesis) id 0MKwpI-1Ijw901G8w-0007G9; Mon, 22 Oct 2007 14:12:30 +0200 Received: from [192.168.1.22] (helo=bart.bs.l) by homer.bs.l with esmtp (Exim 4.67) (envelope-from ) id 1Ijw8z-000356-Pu for gentoo-dev@lists.gentoo.org; Mon, 22 Oct 2007 14:12:29 +0200 Received: from bsch by bart.bs.l with local (Exim 4.67) (envelope-from ) id 1Ijw8z-0004ss-Qt for gentoo-dev@lists.gentoo.org; Mon, 22 Oct 2007 14:12:29 +0200 Date: Mon, 22 Oct 2007 14:12:29 +0200 From: Bertram Scharpf To: gentoo-dev@lists.gentoo.org Subject: [gentoo-dev] Slapd calls nss_ldap before opening its ports Message-ID: <20071022121229.GA24735@bart.bs.l> Mail-Followup-To: gentoo-dev@lists.gentoo.org Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@gentoo.org Reply-to: gentoo-dev@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.5.16 (2007-06-09) X-Provags-ID: V01U2FsdGVkX18UVpsaBs1PMoJMNIUtyWS3WVz36x7R0iOSemj uC9gN5q/krFvm/x2hoijq2janGVfT3802MS2YLToHsb497BLKf vhCWDl2R9FNeLgQOnMVJfne22rgaynMaDUj/QGtaRo= X-Archives-Salt: 86e74cfe-a560-4953-9cc9-eaddbdba0900 X-Archives-Hash: 3ce15983cdd0b3fa191263276e496563 Hi, when setting up LDAP Pam authentication I encountered a problem that seems to be neither Slapd- nor nss_ldap-specific. When running the init script there comes up an error that clutters up my syslog with a lot of useless error messages: @(#) $OpenLDAP: slapd 2.3.38 (Oct 18 2007 22:12:26) $ root@myhost:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/servers/slapd nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: Can't contact LDAP server nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server ... nss_ldap: could not search LDAP server - Server is unavailable WARNING: No dynamic config support for database ldbm. slapd starting I found out that the Gentoo init script activates the options "-u ldap -g ldap". Without them, the error messages do not appear. Therefore I suppose the slapd daemon tries to obtain passwd/shadow information for ldap via nss_ldap. At least when I say "compat" in nsswitch.conf, the error message doesn't appear as well. The thing I really wonder about is that the lines in nsswitch.conf say passwd: files ldap shadow: files ldap group: files ldap The files should be searched first. The "ldap" information is present in all three of them. I even tried to chown the shadow file to ldap but this didn't save me from the weird messages either. I detected I have a machine where this didn't happen. Then I upgraded from glibc-2.5-r4 to glibc-2.6.1 ... I tried to stuff log statements into glibc's nss part but I'm not experienced enough in glibc to do that in finite time. Could this it a real bug in glibc or any of its patches? Does anybody experience the same behaviour? Thanks in advance, Bertram -- Bertram Scharpf Stuttgart, Deutschland/Germany http://www.bertram-scharpf.de -- gentoo-dev@gentoo.org mailing list