Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status

Gentoo Archives: gentoo-dev

From: Benjamin Smee <strerror@g.o>
To: gentoo-dev@l.g.o
Cc: Bertram Scharpf <lists@×××××××××××××××.de>
Subject: Re: [gentoo-dev] Slapd calls nss_ldap before opening its ports
Date: Mon, 22 Oct 2007 12:47:09
Message-Id: 200710221344.21550.strerror@gentoo.org
In Reply to: [gentoo-dev] Slapd calls nss_ldap before opening its ports by Bertram Scharpf
1 On Monday 22 October 2007 13:12:29 Bertram Scharpf wrote:
2 > Hi,
3 >
4 > when setting up LDAP Pam authentication I encountered a
5 > problem that seems to be neither Slapd- nor
6 > nss_ldap-specific.
7 >
8 > When running the init script there comes up an error that
9 > clutters up my syslog with a lot of useless error messages:
10 >
11 > @(#) $OpenLDAP: slapd 2.3.38 (Oct 18 2007 22:12:26) $
12 > root@myhost:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/
13 >servers/slapd nss_ldap: failed to bind to LDAP server ldap://127.0.0.1:
14 > Can't contact LDAP server nss_ldap: failed to bind to LDAP server
15 > ldap://127.0.0.1/: Can't contact LDAP server nss_ldap: failed to bind to
16 > LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server
17 > ...
18 > nss_ldap: could not search LDAP server - Server is unavailable
19 > WARNING: No dynamic config support for database ldbm.
20 > slapd starting
21 >
22 > I found out that the Gentoo init script activates the
23 > options "-u ldap -g ldap". Without them, the error messages
24 > do not appear. Therefore I suppose the slapd daemon tries to
25 > obtain passwd/shadow information for ldap via nss_ldap. At
26 > least when I say "compat" in nsswitch.conf, the error
27 > message doesn't appear as well.
28
29 instead of -u ldap -g ldap, try putting in the UID and GID. This should stop
30 the calls to the server.
31
32 > The files should be searched first. The "ldap" information
33 > is present in all three of them. I even tried to chown the
34 > shadow file to ldap but this didn't save me from the weird
35 > messages either.
36
37 Don't play with the perms on /etc/shadow, you're just openning up security
38 holes.
39
40
41 --
42 Benjamin Smee (strerror)
43 net-mail/netmon/forensics/crypto/ldap
44 Fingerprint: 497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C
45 --
46 gentoo-dev@g.o mailing list

Replies

Subject Author
Re: [gentoo-dev] Slapd calls nss_ldap before opening its ports Bertram Scharpf <lists@×××××××××××××××.de>
Report Message
Find on MARC Find on Google Groups