[CALUG] Slapd starts up slowly

Bryan J Smith b.j.smith at ieee.org
Tue Mar 1 21:04:45 EST 2011


I'm still curious how it worked before.  Can you send me your ldap.conf files 
off-list?  I'm not entirely sure it's the same problem.

Also remember that if you upgrade to F14, not all of your add-ons may be 
available for it.  But yes, sssd is much nicer than a lot of the legacy nss 
stuff.



----- Original Message ----
From: Joe Tseng <joe_tseng at hotmail.com>
To: Bryan J Smith <b.j.smith at ieee.org>; calug at unknownlamer.org
Sent: Tue, March 1, 2011 8:18:20 PM
Subject: Re: [CALUG] Slapd starts up slowly

https://bugzilla.redhat.com/show_bug.cgi?id=553032

I think I will be migrating to F14 this weekend; that should eliminate this 
problem.

-----Original Message----- From: Bryan J Smith
Sent: Tuesday, March 01, 2011 9:47 AM
To: Joe Tseng ; calug at unknownlamer.org
Subject: Re: [CALUG] Slapd starts up slowly

There it is ...

"nss_ldap: failed to bind to LDAP server"

Remember, /etc/ldap.conf is NSS (e.g., nss_ldap).
And /etc/openldap/ldap.conf is OpenLDAP.

For Fedora-based clients, you will need to have _both_ configured.  The main
Fedora client services (e.g., PAM, NSSwitch, etc...) use the NSS libraries, but
the OpenLDAP clients/tools may also connect to it as well.  So it may very well
be that the OpenLDAP server (slapd) is up'n running fine, but your system's NSS
libraries can't bind to it because /etc/ldap.conf isn't configured correctly.

I don't know how this "add-on" works.  Nominally for Fedora-based clients,
"system-config-authentication" is utilized.  It handles setting up most of this,
for both NSS and OpenLDAP clients.



----- Original Message ----
From: Joe Tseng <joe_tseng at hotmail.com>
To: Bryan J Smith <b.j.smith at ieee.org>; calug at unknownlamer.org
Sent: Mon, February 28, 2011 9:22:30 PM
Subject: RE: [CALUG] Slapd starts up slowly

I was mistaken earlier; I was looking at /etc/openldap/ldap.conf; I never
configured /etc/ldap.conf.  Regardless, updating that file made no
difference.

I did not have a log set up specifically to be generated by openldap.  I
went ahead and configured slapd to generate a log while running and
restarted the service, but no messages were generated for that file.  My
/var/log/messages looks like this:

$ sudo tail -f /var/log/messages
Feb 28 21:00:11 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 4 seconds)...
Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:00:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:00:15 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 8 seconds)...
Feb 28 21:00:23 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:00:23 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:00:23 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 16 seconds)...
Feb 28 21:00:39 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:00:39 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:00:39 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 32 seconds)...
Feb 28 21:01:11 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:01:11 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:01:11 server0 slapd: nss_ldap: reconnecting to LDAP server
(sleeping 64 seconds)...
Feb 28 21:02:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd: nss_ldap: could not search LDAP server -
Server is unavailable
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 4 seconds)...
Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:19 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 8 seconds)...
Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:27 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 16 seconds)...
Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:02:43 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 32 seconds)...
Feb 28 21:02:50 server0 smbd_audit: jtseng|10.1.0.106|create_file|fail (Is a
directory)|0x20089|pictures
Feb 28 21:02:50 server0 smbd_audit: jtseng|10.1.0.106|create_file|fail (Is a
directory)|0x20089|pictures/porsche918
Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:03:15 server0 slapd[5555]: nss_ldap: reconnecting to LDAP server
(sleeping 64 seconds)...
Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://hda.at.home: Can't contact LDAP server
Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: failed to bind to LDAP server
ldap://127.0.0.1/: Can't contact LDAP server
Feb 28 21:04:19 server0 slapd[5555]: nss_ldap: could not search LDAP server
- Server is unavailable


I stopped the log when slapd was up and running:


$ sudo service slapd restart
Stopping slapd:                                            [  OK  ]
Starting slapd:                                            [  OK  ]
$ sudo service slapd status
slapd (pid  5726) is running...

$ ps -ef | grep slapd
ldap      5726     1  0 21:04 ?        00:00:00 /usr/sbin/slapd -h  ldap:///
-u ldap
jtseng    5756  5501  0 21:05 pts/2    00:00:00 grep slapd


My includes for slapd are as follows:

include         /etc/openldap/schema/corba.schema
include         /etc/openldap/schema/core.schema
include         /etc/openldap/schema/cosine.schema
include         /etc/openldap/schema/duaconf.schema
include         /etc/openldap/schema/dyngroup.schema
include         /etc/openldap/schema/inetorgperson.schema
include         /etc/openldap/schema/java.schema
include         /etc/openldap/schema/misc.schema
include         /etc/openldap/schema/nis.schema
include         /etc/openldap/schema/openldap.schema
include         /etc/openldap/schema/ppolicy.schema
include         /etc/openldap/schema/collective.schema
include         /etc/openldap/schema/samba.schema
include         /etc/openldap/schema/autofs.schema
include         /etc/openldap/schema/ldapns.schema

I imagine I won't need all of those but aside from core, inetorgperson,
openldap, samba, autofs and ldapns I wouldn't know what I can discard. 





More information about the CALUG mailing list