[CALUG] Slapd starts up slowly
Bryan J Smith
b.j.smith at ieee.org
Tue Mar 1 09:47:48 EST 2011
There it is ...
"nss_ldap: failed to bind to LDAP server"
Remember, /etc/ldap.conf is NSS (e.g., nss_ldap).
And /etc/openldap/ldap.conf is OpenLDAP.
For Fedora-based clients, you will need to have _both_ configured. The main
Fedora client services (e.g., PAM, NSSwitch, etc...) use the NSS libraries, but
the OpenLDAP clients/tools may also connect to it as well. So it may very well
be that the OpenLDAP server (slapd) is up'n running fine, but your system's NSS
libraries can't bind to it because /etc/ldap.conf isn't configured correctly.
I don't know how this "add-on" works. Nominally for Fedora-based clients,
"system-config-authentication" is utilized. It handles setting up most of this,
for both NSS and OpenLDAP clients.
----- Original Message ----
From: Joe Tseng <joe_tseng at hotmail.com>
To: Bryan J Smith <b.j.smith at ieee.org>; calug at unknownlamer.org
Sent: Mon, February 28, 2011 9:22:30 PM
Subject: RE: [CALUG] Slapd starts up slowly
I was mistaken earlier; I was looking at /etc/openldap/ldap.conf; I never
configured /etc/ldap.conf. Regardless, updating that file made no
difference.
I did not have a log set up specifically to be generated by openldap. I
went ahead and configured slapd to generate a log while running and
restarted the service, but no messages were generated for that file. My
/var/log/messages looks like this:
$ sudo tail -f /var/log/messages
Feb 28 21:00:11 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 4 seconds)...
Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:00:15 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 8 seconds)...
Feb 28 21:00:23 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:00:23 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:00:23 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 16 seconds)...
Feb 28 21:00:39 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:00:39 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:00:39 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 32 seconds)...
Feb 28 21:01:11 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:01:11 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:01:11 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 64 seconds)...
Feb 28 21:02:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd: nss_ldap: could not search LDAP server -
Server is unavailable
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 4 seconds)...
Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 8 seconds)...
Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 16 seconds)...
Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 32 seconds)...
Feb 28 21:02:50 server0 smbd_audit: jtseng|10.1.0.106|create_file|fail (Is a
directory)|0x20089|pictures
Feb 28 21:02:50 server0 smbd_audit: jtseng|10.1.0.106|create_file|fail (Is a
directory)|0x20089|pictures/porsche918
Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 64 seconds)...
Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: could not search LDAP server
- Server is unavailable
I stopped the log when slapd was up and running:
$ sudo service slapd restart
Stopping slapd: [ OK ]
Starting slapd: [ OK ]
$ sudo service slapd status
slapd (pid 5726) is running...
$ ps -ef | grep slapd
ldap 5726 1 0 21:04 ? 00:00:00 /usr/sbin/slapd -h ldap:///
-u ldap
jtseng 5756 5501 0 21:05 pts/2 00:00:00 grep slapd
My includes for slapd are as follows:
include /etc/openldap/schema/corba.schema
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/duaconf.schema
include /etc/openldap/schema/dyngroup.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/java.schema
include /etc/openldap/schema/misc.schema
include /etc/openldap/schema/nis.schema
include /etc/openldap/schema/openldap.schema
include /etc/openldap/schema/ppolicy.schema
include /etc/openldap/schema/collective.schema
include /etc/openldap/schema/samba.schema
include /etc/openldap/schema/autofs.schema
include /etc/openldap/schema/ldapns.schema
I imagine I won't need all of those but aside from core, inetorgperson,
openldap, samba, autofs and ldapns I wouldn't know what I can discard.
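An added example, not part of either message above: a short Python pass over the nss_ldap lines that groups them by the logging process and totals the reconnect sleeps, which shows how long a process tagged slapd spent waiting on its own NSS lookups. The sample lines are abridged from the /var/log/messages excerpt in the thread with the mail line wraps rejoined; the function names are illustrative.

```python
import re
from collections import defaultdict

# Abridged from the log excerpt in the thread; wrapped lines rejoined.
SAMPLE_LOG = """\
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
Feb 28 21:02:50 server0 smbd_audit: jtseng|10.1.0.106|create_file|fail (Is a directory)|0x20089|pictures
Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: could not search LDAP server - Server is unavailable
"""

# syslog prefix, then program[pid], then only messages emitted by nss_ldap
LINE = re.compile(r"^\w{3} +\d+ [\d:]{8} \S+ (?P<prog>[^\[:\s]+)"
                  r"(?:\[(?P<pid>\d+)\])?: nss_ldap: (?P<msg>.*)$")
SLEEP = re.compile(r"sleeping (\d+) seconds")
BIND_FAIL = re.compile(r"failed to bind to LDAP server (\S+): ")

def summarize(log_text):
    """Per (program, pid): URIs that refused binds, backoff sleeps, give-ups."""
    stats = defaultdict(lambda: {"uris": set(), "sleeps": [], "gave_up": 0})
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not an nss_ldap message (e.g. the smbd_audit line)
        entry, msg = stats[(m["prog"], m["pid"])], m["msg"]
        if (s := SLEEP.search(msg)):
            entry["sleeps"].append(int(s.group(1)))
        elif (u := BIND_FAIL.search(msg)):
            entry["uris"].add(u.group(1))
        elif msg.startswith("could not search"):
            entry["gave_up"] += 1
    return dict(stats)

def self_lookup_stalls(stats, server_prog="slapd"):
    """Seconds the directory server itself slept in nss_ldap backoff."""
    return {key: sum(v["sleeps"]) for key, v in stats.items()
            if key[0] == server_prog and v["sleeps"]}

if __name__ == "__main__":
    print(self_lookup_stalls(summarize(SAMPLE_LOG)))
```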