From: "Alec Warner"
Date: Mon, 22 Oct 2007 08:48:59 -0700
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Slapd calls nss_ldap before opening its ports

On 10/22/07, Bertram Scharpf wrote:
> Hi,
>
> On Monday, 22 Oct 2007, 13:44:19 +0100, Benjamin Smee wrote:
> > On Monday 22 October 2007 13:12:29 Bertram Scharpf wrote:
> > >
> > > @(#) $OpenLDAP: slapd 2.3.38 (Oct 18 2007 22:12:26) $
> > > root@myhost:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/
> > >servers/slapd nss_ldap: failed to bind to LDAP server ldap://127.0.0.1:
> > > Can't contact LDAP server nss_ldap: failed to bind to LDAP server
> > > ldap://127.0.0.1/: Can't contact LDAP server nss_ldap: failed to bind to
> > > LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
> > > ...
> > > nss_ldap: could not search LDAP server - Server is unavailable
> > >
> > > I found out that the Gentoo init script activates the
> > > options "-u ldap -g ldap". Without them, the error messages
> > > do not appear. Therefore I suppose the slapd daemon tries to
> > > obtain passwd/shadow information for ldap via nss_ldap. At
> > > least when I say "compat" in nsswitch.conf, the error
> > > message doesn't appear as well.
> >
> > Instead of -u ldap -g ldap, try putting in the UID and GID. This should stop
> > the calls to the server.
>
> I forgot to mention that I tried this, too. The same
> messages appear.
>
> Is there a way to determine _what_ nss is asked for?

Sure, turn on nscd in super debug mode and you should see most, if not
all the requests.

-Alec

> > > I even tried to chown the
> > > shadow file to ldap but this didn't save me from the weird
> > > messages either.
> >
> > Don't play with the perms on /etc/shadow, you're just opening up security
> > holes.
>
> That was just for a minute. Of course I recovered the
> previous state immediately.
>
> Thanks anyway so far,
>
> Bertram
>
>
> --
> Bertram Scharpf
> Stuttgart, Deutschland/Germany
> http://www.bertram-scharpf.de
>
--
gentoo-dev@gentoo.org mailing list