[Bug 409999] New: System hang after ldap integration
https://bugzilla.novell.com/show_bug.cgi?id=409999

Summary: System hang after ldap integration
Product: openSUSE 11.0
Version: Final
Platform: i686
OS/Version: openSUSE 11.0
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Booting
AssignedTo: jsrain@novell.com
ReportedBy: tehlers@gwdg.de
QAContact: jsrain@novell.com
CC: emoenke@gwdg.de
Found By: ---

After configuring ldap in yast2, the system hangs during boot at dbus startup. When putting the dbus start in the background with ( ) & in the init script, the system hangs at hald startup.

The problem is introduced because yast2 configures nsswitch.conf to only use ldap, no local files anymore:

    [...]
    passwd: compat
    group: files ldap
    [...]
    passwd_compat: ldap

In previous SUSE versions this setup was working:

    [...]
    passwd: compat
    group: compat
    [...]
    passwd_compat: files ldap
    group_compat: files ldap

After changing it to the setup above, dbus and hald start normally during boot, but ldap doesn't work anymore.

I think these are three bugs. At first, yast should not disable local auth when using ldap. Secondly, local auth and ldap doesn't work (is this the reason why yast configures only ldap?). And thirdly, daemons starting during boot should, under no circumstances, wait in an infinite loop so that bootup is impossible.

So what is the problem here?

Thank you
Tim Ehlers

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
User rhafer@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=409999#c7
Ralf Haferkamp
> Hello Ralf,
>
> you're absolutely on the right way. I didn't know that /etc/ldap.conf is a
> config file for nss_ldap. I always made /etc/openldap/ldap.conf and
> /etc/ldap.conf equal.

In the initial description you mentioned that you used YaST to set up the LDAP client configuration. There is no need to touch /etc/ldap.conf after that. Additionally, /etc/ldap.conf and /etc/openldap/ldap.conf are two different files for two different purposes which support very different sets of options. You cannot just copy one of them to the other.

> This seems to bring all these problems in opensuse 11.

When using the file you attached above as /etc/ldap.conf, nss_ldap will block until a connection to the LDAP server can be established (this is what you see during bootup). It is the documented default when no "bind_policy" option is set in /etc/ldap.conf. The problem with this is that during booting, when dbus is started, no network interface is available, so no connections can be created. It is a bit unfortunate that nss_ldap uses this default, but it can be configured correctly very easily. YaST will set the "bind_policy" option to "soft", which avoids the above problem. (Additionally, the default /etc/ldap.conf file that ships with the system contains this option as well.)

> But nevertheless in previous versions of opensuse (until now) this was never a
> problem.

The above connection behavior of nss_ldap has already been present for a few years, I think.

> Seems that openldap made it correct by default without a valid /etc/ldap.conf.
>
> And shouldn't it be changed to stuck in infinite loops during boot, when ldap
> is misconfigured.

The default configuration that the configuration created with YaST doesn't show this behavior. Please try to set up your system again with YaST (leaving /etc/ldap.conf unchanged after that). If it still fails afterwards, please reopen this bug report. I'll close it as invalid for now.
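Added example, not part of the bug report and not code from YaST or nss_ldap: shell functions that check for the condition described in comment #7, where passwd/group lookups go to ldap while /etc/ldap.conf carries no "bind_policy soft". The function names are hypothetical; the script assumes that any value other than "soft" blocks and that the last bind_policy line in the file is the one in effect.

```shell
#!/bin/sh
# Added example: audit an nss_ldap client setup for the boot-time blocking case.
# Files are passed as arguments so the checks can be run on copies or samples.

# Print the bind_policy value found in an nss_ldap config file, or "unset".
# Assumption: keyword is case-insensitive; the last uncommented line is reported.
bind_policy_of() {
    awk '
        /^[ \t]*#/ { next }                                  # skip comment lines
        tolower($1) == "bind_policy" && NF >= 2 { v = tolower($2) }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Succeed if passwd/group lookups (directly or through compat) name "ldap".
nss_uses_ldap() {
    awk '
        /^[ \t]*#/ { next }
        $1 ~ /^(passwd|group|passwd_compat|group_compat):$/ {
            for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# $1 = nsswitch.conf, $2 = nss_ldap config (/etc/ldap.conf on the page's system).
# Returns 1 when early-boot daemons such as dbus or hald could block on a lookup.
audit_ldap_boot() {
    if ! nss_uses_ldap "$1"; then
        echo "ok: passwd/group lookups do not use ldap"
        return 0
    fi
    policy=$(bind_policy_of "$2")
    if [ "$policy" = "soft" ]; then
        echo "ok: bind_policy soft, lookups fail fast when the server is unreachable"
        return 0
    fi
    # Assumption: every value other than "soft" is treated as blocking.
    echo "warn: bind_policy is $policy, lookups block until the LDAP server answers"
    return 1
}

# Run the audit when called as: script NSSWITCH_FILE LDAP_CONF_FILE
if [ "$#" -eq 2 ]; then
    audit_ldap_boot "$1" "$2"
fi
```

Run it with the two file paths as arguments, for example the system's nsswitch.conf and /etc/ldap.conf; a non-zero exit status marks the configuration that hangs at dbus startup.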