Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: Alec Warner <antarus@g.o>
To: gentoo-dev@l.g.o
Subject: Re: [gentoo-dev] Slapd calls nss_ldap before opening its ports
Date: Mon, 22 Oct 2007 15:52:32
Message-Id: b41005390710220848u30f5e72fi444ee267c438009f@mail.gmail.com
In Reply to: Re: [gentoo-dev] Slapd calls nss_ldap before opening its ports by Bertram Scharpf
1 On 10/22/07, Bertram Scharpf <lists@×××××××××××××××.de> wrote:
2 > Hi,
3 >
4 > Am Montag, 22. Okt 2007, 13:44:19 +0100 schrieb Benjamin Smee:
5 > > On Monday 22 October 2007 13:12:29 Bertram Scharpf wrote:
6 > > >
7 > > > @(#) $OpenLDAP: slapd 2.3.38 (Oct 18 2007 22:12:26) $
8 > > > root@myhost:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/
9 > > >servers/slapd nss_ldap: failed to bind to LDAP server ldap://127.0.0.1:
10 > > > Can't contact LDAP server nss_ldap: failed to bind to LDAP server
11 > > > ldap://127.0.0.1/: Can't contact LDAP server nss_ldap: failed to bind to
12 > > > LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
13 > > > ...
14 > > > nss_ldap: could not search LDAP server - Server is unavailable
15 > > >
16 > > > I found out that the Gentoo init script activates the
17 > > > options "-u ldap -g ldap". Without them, the error messages
18 > > > do not appear. Therefore I suppose the slapd daemon tries to
19 > > > obtain passwd/shadow information for ldap via nss_ldap. At
20 > > > least when I say "compat" in nsswitch.conf, the error
21 > > > message doesn't appear as well.
22 > >
23 > > instead of -u ldap -g ldap, try putting in the UID and GID. This should stop
24 > > the calls to the server.
25 >
26 > I forgot to mention that I tried this, too. The same
27 > messages appear.
28 >
29 > Is there a way to determine _what_ nss is asked for?
30
31 Sure, turn on nscd in super debug mode and you should see most, if not
32 all the requests.
33
34 -Alec
35
36 >
37 > > > I even tried to chown the
38 > > > shadow file to ldap but this didn't save me from the weird
39 > > > messages either.
40 > >
41 > > Don't play with the perms on /etc/shadow, you're just openning up security
42 > > holes.
43 >
44 > That was just for a minute. Of course I recovered the
45 > previous state immediately.
46 >
47 > Thanks anyway so far,
48 >
49 > Bertram
50 >
51 >
52 > --
53 > Bertram Scharpf
54 > Stuttgart, Deutschland/Germany
55 > http://www.bertram-scharpf.de
56 > --
57 > gentoo-dev@g.o mailing list
58 >
59 >
60 --
61 gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] Slapd calls nss_ldap before opening its ports Bertram Scharpf <lists@×××××××××××××××.de>
Report Message
Find on MARC Find on Google Groups