On 1/20/06, Dan Nelson <[EMAIL PROTECTED]> wrote:
> In the last episode (Jan 20), Dominique Goncalves said:
> > On 1/20/06, Daniel O'Connor <[EMAIL PROTECTED]> wrote:
> > > I use OpenLDAP for authentication in conjunction with nss_ldap and
> > > pam_ldap (and samba). I use the RCORDER port option so it put the
> > > startup file in /etc/rc.d.
> > >
> > > In 5.4 this worked fine - it started up correctly and in the right
> > > place. However I upgraded to 6.0-STABLE (11/12/05) and when I ran
> > > mergemaster I accidentally told it to delete the rc.d file (doh..)
> > > I then upgraded to a slightly later version of openldap (a newer
> > > version of openldap23-server).
> > >
> > > The problem now is that OpenLDAP appears to start very late, since
> > > lots of things need to do nss_ldap lookups it means bootup is very
> > > glacial as they timeout.
> >
> > I've reported recently a problem with the same symptoms [1] but I use
> > this order in my nsswitch.conf "files ldap".
> >
> > All examples I found on internet use this order. And if I understand
> > correctly, this order means, if a user is not found in files then it
> > tries on ldap?
> >
> > [1]
> > http://lists.freebsd.org/pipermail/freebsd-questions/2006-January/110581.html
>
> For the username lookup itself this is true, but to determine which
> groups that user is a member of, it needs to fetch the entire group
> list. That's probably the cause of your hang. Compare "id -u root"
> (just looks up userid) with "id root" (looks up userid and group
> memberships).
>
> In any case, I can't think of any reason why ldap queries would timeout
> or hang, though. Either nss_ldap can connect to the remote ldap
> service, or it can't, and if it can't it should realize this
> immediately (unless your routes are messed up). Unfortunately, truss
> doesn't tell you what syscall a process is waiting on when you ^C it;
> try ktrace or strace and see if it gives you any more info.

I've updated my system with FreeBSD 6.0-STABLE #0: Thu Jan 19 21:51:24
CET 2006 but the hang is still here.

Here are the results of the command "id" with "strace", executed in
single user mode:

strace with ldap in nsswitch.conf:
http://djdomics.free.fr/FreeBSD/strace-nss-w-ldap.txt

strace without ldap in nsswitch.conf:
http://djdomics.free.fr/FreeBSD/strace-nss-wo-ldap.txt

In the strace file with ldap enabled in nsswitch.conf, I see that
FreeBSD tries to search the ldap server, and of course it can't connect
because it is not yet started.

> --
>         Dan Nelson
>         [EMAIL PROTECTED]
>

Regards.

--
There's this old saying: "Give a man a fish, feed him for a day. Teach
a man to fish, feed him for life."
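
As an added example (not part of the original thread), the Python script below automates the comparison Dan Nelson suggests: it times `id -u <user>` against `id <user>` under a hard timeout, so a stalled group-membership lookup shows up without hanging the shell. The function names, the 10-second limit and the 2-second "slow" threshold are assumptions chosen for illustration.

```python
import subprocess
import time


def time_command(argv, limit=10.0):
    """Run argv and return (seconds elapsed, True if the limit was hit)."""
    start = time.monotonic()
    try:
        subprocess.run(argv, stdout=subprocess.DEVNULL,
                       stderr=subprocess.DEVNULL, timeout=limit)
        timed_out = False
    except subprocess.TimeoutExpired:
        # subprocess.run kills the child before raising, so nothing lingers.
        timed_out = True
    return time.monotonic() - start, timed_out


def classify(user_secs, full_secs, slow=2.0):
    """Name the lookup path that stalls, given the two timings.

    "passwd-slow": even the plain uid lookup is slow.
    "groups-slow": uid lookup is fast, group membership lookup is slow
                   (the case described in the quoted reply).
    "ok":          neither lookup reached the threshold.
    """
    if user_secs >= slow:
        return "passwd-slow"
    if full_secs >= slow:
        return "groups-slow"
    return "ok"


def compare(user="root", limit=10.0, slow=2.0):
    """Time `id -u user` (uid only) and `id user` (uid plus groups)."""
    user_secs, user_to = time_command(["id", "-u", user], limit)
    full_secs, full_to = time_command(["id", user], limit)
    return {
        "user_only": user_secs,
        "with_groups": full_secs,
        "timed_out": user_to or full_to,
        "verdict": classify(user_secs, full_secs, slow),
    }


if __name__ == "__main__":
    result = compare("root")
    print("id -u root: %.2fs" % result["user_only"])
    print("id root:    %.2fs" % result["with_groups"])
    print("verdict:    %s" % result["verdict"])
```

A "groups-slow" verdict for root, with ldap listed in nsswitch.conf and slapd not yet running, matches the symptom reported in this thread.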
