slapd starting too late...
Joerg Pulz
Joerg.Pulz at frm2.tum.de
Fri Apr 28 10:40:27 UTC 2006
On Fri, 28 Apr 2006, Pierre-Francois LAURAND wrote:
> Hi,
>
> We are using OpenLDAP as an authentication backend on a FreeBSD 6.1-RC
> system.
> OpenLDAP port ( net/openldap23-server ) has been installed with the RCORDER
> option activated, so /etc/rc.d/slapd is available instead of
> ${PREFIX}/etc/rc.d/slapd.sh.
>
> When the system is starting, slapd comes up too late, after many other
> daemons that need to retrieve user information: nfsd/mountd ( when
> /etc/exports contains options like -mapall=someuser,-maproot=someone... ),
> named ( when launched with -u ), dhcpd, mysql, httpd.... All these daemons
> require an unprivileged user ( not in ldap, but in /etc/master.passwd ) to
> run, but during the boot process, these daemons are waiting for slapd in an
> endless loop.
> /var/log/message and /var/log/all.log only show messages like :
>
> nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fopenldap%2fldapi/: Internal (implementation specific) error
>
> In my case, slapd should be launched very early, before other daemons that
> use getpw* system calls.
>
> /etc/nsswitch.conf contains :
> group: files [success=return notfound=continue] ldap [success=return notfound=return unavail=return]
> passwd: files [success=return notfound=continue] ldap [success=return notfound=return unavail=return]
> hosts: files dns
> networks: files
> shells: files
>
> So, could you help me find out how I can tell slapd to start earlier during
> the rc boot stage? I think that I will have to play with the rcorder
> options...
Hi,
I had the same problems here. I added "named" to the BEFORE line in the
rcNG script so that it looks like this:
# BEFORE: securelevel named
Note:
You should add "ldconfig" to the REQUIRE line in the SERVERS rcNG script
so that it looks like this:
# REQUIRE: mountcritremote abi ldconfig
This only applies if your system is NOT CURRENT after Wed Apr 19 05:10:34
2006 UTC.
I hope that this will get MFCd soon to have it in the RELENG_* versions
too.
Why do you need this? The answer is quite simple, without this, slapd is
unable to find the BerkeleyDB libraries which are necessary for the
bdb-backend.
Additionally you could set "bind_policy soft" in
${LOCALBASE}/etc/nss_ldap.conf to let nss_ldap return in case of
connection problems to slapd instead of waiting forever.
Hope that helps
Joerg
--
The beginning is the most important part of the work.
-Plato
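A small model of the ordering logic the reply above relies on, as an added example that is not part of the original message and is not FreeBSD's rcorder(8) itself: it reads the PROVIDE/REQUIRE/BEFORE header comments and reports whether the headers force slapd to start before named. The sample headers are constructed; the REQUIRE lines shown for slapd and named are assumptions, and only the BEFORE and SERVERS lines come from the message.

```python
import re
from graphlib import TopologicalSorter
HEADER = re.compile(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", re.M)

def parse(text):
    """Collect the rcorder keywords from one rc.d script's comment header."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for key, value in HEADER.findall(text):
        tags[key] += value.split()
    return tags

def predecessors(scripts):
    """Map each script to the set of scripts that must start before it."""
    parsed = {name: parse(text) for name, text in scripts.items()}
    provider = {p: name for name, t in parsed.items() for p in t["PROVIDE"]}
    preds = {name: set() for name in scripts}
    for name, t in parsed.items():
        for req in t["REQUIRE"]:        # provider of req starts first
            if req in provider:
                preds[name].add(provider[req])
        for later in t["BEFORE"]:       # this script starts first
            if later in provider:
                preds[provider[later]].add(name)
    return preds

def guaranteed_before(scripts, first, second):
    """True only if the headers force `first` to start before `second`."""
    preds, seen, todo = predecessors(scripts), set(), [second]
    while todo:
        for p in preds[todo.pop()] - seen:
            seen.add(p)
            todo.append(p)
    return first in seen

def boot_order(scripts):  # raises graphlib.CycleError on a dependency loop
    return list(TopologicalSorter(predecessors(scripts)).static_order())

def sample(slapd_before):
    """Constructed headers; REQUIRE lines for slapd and named are assumptions."""
    return {
        "ldconfig": "# PROVIDE: ldconfig\n",
        "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: mountcritremote abi ldconfig\n",
        "securelevel": "# PROVIDE: securelevel\n",
        "named": "# PROVIDE: named\n# REQUIRE: SERVERS\n",
        "slapd": f"# PROVIDE: slapd\n# REQUIRE: SERVERS\n# BEFORE: {slapd_before}\n",
    }

if __name__ == "__main__":
    print(boot_order(sample("securelevel named")))
```

With only `securelevel` in the BEFORE line nothing orders slapd relative to named, so the check returns False; adding `named` makes the ordering a hard constraint.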