slapd starting too late...

Joerg Pulz Joerg.Pulz at frm2.tum.de
Fri Apr 28 10:40:27 UTC 2006




On Fri, 28 Apr 2006, Pierre-Francois LAURAND wrote:

> Hi,
>
> We are using OpenLDAP as an authentication backend on a FreeBSD 6.1-RC 
> system.
> OpenLDAP port ( net/openldap23-server ) has been installed with the RCORDER 
> option activated, so /etc/rc.d/slapd is available instead of 
> ${PREFIX}/etc/rc.d/slapd.sh.
>
> When the system is starting, slapd comes up too late, after many other 
> daemons that need to retrieve user information: nfsd/mountd ( when 
> /etc/exports contains options like -mapall=someuser,-maproot=someone... ), 
> named ( when launched with -u ), dhcpd, mysql, httpd.... All these daemons 
> require an unprivileged user ( not in ldap, but in /etc/master.passwd ) to 
> run, but during the boot process, these daemons are waiting for slapd in an 
> endless loop.
> /var/log/message and /var/log/all.log only show messages like :
>
> nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fopenldap%2fldapi/: Internal (implementation specific) error
>
> In my case, slapd should be launched very early, before other daemons that 
> use getpw* system calls.
>
> /etc/nsswitch.conf contains :
> group:    files [success=return notfound=continue] ldap [success=return notfound=return unavail=return]
> passwd:   files [success=return notfound=continue] ldap [success=return notfound=return unavail=return]
> hosts:    files dns
> networks: files
> shells:   files
>
> So, could you help me find out how I can tell slapd to start earlier during 
> the rc boot stage? I think that I will have to play with the rcorder 
> options...

Hi,

I had the same problems here. I added "named" to the BEFORE line in the 
rcNG script so that it looks like this:
# BEFORE: securelevel named

Note:
You should add "ldconfig" to the REQUIRE line in the SERVERS rcNG script 
so that it looks like this:
# REQUIRE: mountcritremote abi ldconfig
This only applies if your system is NOT CURRENT after Wed Apr 19 05:10:34 
2006 UTC.
I hope that this will get MFCd soon to have it in the RELENG_* versions 
too.
Why do you need this? The answer is quite simple: without this, slapd is 
unable to find the BerkeleyDB libraries, which are necessary for the 
bdb-backend.

Additionally you could set "bind_policy soft" in 
${LOCALBASE}/etc/nss_ldap.conf to let nss_ldap return in case of 
connection problems to slapd instead of waiting forever.

Hope that helps
Joerg

-- 
The beginning is the most important part of the work.
 				-Plato
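The ordering change discussed in this message can be checked before rebooting. The following is an added example, not part of the original message or of the port: a shell check that reads an rc ordering, one script path per line as printed by rcorder(8), and reports daemons ordered ahead of slapd. The function names and the /tmp/rc.order path are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example: confirm that the directory service is ordered before the
# daemons that look up users through NSS. Input is a file holding an rc
# ordering, one script path per line, as printed by rcorder(8).

# position_of NAME FILE
# Prints the 1-based line number of the first script whose basename is
# exactly NAME, or nothing if no such script is listed.
position_of() {
    awk -v name="$1" '{ n = split($0, p, "/")
                        if (p[n] == name) { print NR; exit } }' "$2"
}

# check_starts_first ORDER_FILE FIRST DEPENDENT...
# Prints one line per problem and returns the number of problems found.
check_starts_first() {
    order_file=$1; first=$2; shift 2
    problems=0
    first_pos=$(position_of "$first" "$order_file")
    if [ -z "$first_pos" ]; then
        echo "MISSING: $first is not in the ordering"
        return 1
    fi
    for dep in "$@"; do
        dep_pos=$(position_of "$dep" "$order_file")
        [ -z "$dep_pos" ] && continue    # daemon not present: nothing to check
        if [ "$dep_pos" -lt "$first_pos" ]; then
            echo "TOO EARLY: $dep (#$dep_pos) starts before $first (#$first_pos)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# On the FreeBSD host (assumes slapd lives in /etc/rc.d, as with the
# RCORDER option described in the message):
#   rcorder /etc/rc.d/* 2>/dev/null > /tmp/rc.order
#   check_starts_first /tmp/rc.order slapd named nfsd mountd
```

A non-zero return means at least one listed daemon would start before slapd and, with a hard nss_ldap bind policy, could block on user lookups during boot.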

