slapd starting too late...

Joerg Pulz Joerg.Pulz at
Fri Apr 28 10:40:27 UTC 2006

On Fri, 28 Apr 2006, Pierre-Francois LAURAND wrote:

> Hi,
> We are using OpenLDAP as an authentication backend on a FreeBSD 6.1-RC
> system.
> OpenLDAP port ( net/openldap23-server ) has been installed with the RCORDER 
> option activated, so /etc/rc.d/slapd is available instead of 
> ${PREFIX}/etc/rc.d/
> When the system is starting, slapd comes up too late, after many other
> daemons that need to retrieve user information : nfsd/mountd ( when
> /etc/exports contains options like -mapall=someuser,-maproot=someone... ),
> named ( when launched with -u ), dhcpd, mysql, httpd.... All these daemons
> require an unprivileged user ( not in ldap, but in /etc/master.passwd ) to
> run, but during the boot process, these daemons are waiting for slapd in an
> endless loop.
> /var/log/message and /var/log/all.log only show messages like :
> nss_ldap: failed to bind to LDAP server ldapi://%2fvar%2frun%2fopenldap%2fldapi/: Internal (implementation specific) error
> In my case, slapd should be launched very early, before other daemons that
> use getpw* system calls.
> /etc/nsswitch.conf contains :
> group:    files [success=return notfound=continue] ldap [success=return notfound=return unavail=return]
> passwd:   files [success=return notfound=continue] ldap [success=return notfound=return unavail=return]
> hosts:    files dns
> networks: files
> shells:   files
> So, could you help me find how I can tell slapd to start earlier during
> the rc boot stage ? I think that I will have to play with the rcorder
> options...


I had the same problems here. I added "named" to the BEFORE line in the
rcNG script so that it looks like this:
# BEFORE: securelevel named

You should add "ldconfig" to the REQUIRE line in the SERVERS rcNG script 
so that it looks like this:
# REQUIRE: mountcritremote abi ldconfig
This only applies if your system is NOT CURRENT after Wed Apr 19 05:10:34 
2006 UTC.
I hope that this will get MFCd soon to have it in the RELENG_* versions 
Why do you need this? The answer is quite simple, without this, slapd is 
unable to find the BerkeleyDB libraries which are necessary for the 

Additionally you could set "bind_policy soft" in 
${LOCALBASE}/etc/nss_ldap.conf to let nss_ldap return in case of 
connection problems to slapd instead of waiting forever.

Hope that helps

-- 
The beginning is the most important part of the work.
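
Added example, not part of the original message: a simplified Python model of how PROVIDE/REQUIRE/BEFORE headers turn into a boot order, run once with the original header lines and once with the two edits suggested in the reply above. The header set is constructed for illustration (in particular slapd's and named's `REQUIRE: SERVERS` lines are assumptions, not copied from the real scripts), and the alphabetical tie-break only makes the output deterministic; the relative order of scripts with no constraint between them should not be relied on.

```python
import re
from graphlib import TopologicalSorter  # Python 3.9+

def headers(slapd_before, servers_require):
    """Constructed rc.d header set; only the two lines from the thread vary."""
    return {
        "mountcritremote": "# PROVIDE: mountcritremote",
        "abi": "# PROVIDE: abi",
        "ldconfig": "# PROVIDE: ldconfig\n# REQUIRE: mountcritremote",
        "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: " + servers_require,
        "slapd": "# PROVIDE: slapd\n# REQUIRE: SERVERS\n# BEFORE: " + slapd_before,
        "named": "# PROVIDE: named\n# REQUIRE: SERVERS",
        "securelevel": "# PROVIDE: securelevel",
    }

def parse(text):
    """Collect the words following each rcorder keyword in a script header."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for key, words in re.findall(r"^#\s*(PROVIDE|REQUIRE|BEFORE):\s*(.*)$", text, re.M):
        tags[key] += words.split()
    return tags

def boot_order(scripts):
    """Return script names in an order that satisfies every constraint."""
    parsed = {name: parse(text) for name, text in scripts.items()}
    provider = {p: name for name, t in parsed.items() for p in t["PROVIDE"]}
    must_follow = {name: set() for name in parsed}
    for name, t in parsed.items():
        for req in t["REQUIRE"]:          # this script runs after its requirement
            if req in provider:
                must_follow[name].add(provider[req])
        for target in t["BEFORE"]:        # the target runs after this script
            if target in provider:
                must_follow[provider[target]].add(name)
    sorter = TopologicalSorter(must_follow)
    sorter.prepare()  # raises graphlib.CycleError on circular dependencies
    order = []
    while sorter.is_active():
        for name in sorted(sorter.get_ready()):  # deterministic tie-break
            order.append(name)
            sorter.done(name)
    return order

ORIGINAL = boot_order(headers("securelevel", "mountcritremote abi"))
PATCHED = boot_order(headers("securelevel named", "mountcritremote abi ldconfig"))

if __name__ == "__main__":
    print("original:", " ".join(ORIGINAL))
    print("patched: ", " ".join(PATCHED))
```

With the original lines nothing orders slapd against named or ldconfig against SERVERS, so the model is free to start named first and SERVERS before ldconfig; with both edits slapd is forced after ldconfig and before named.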


More information about the freebsd-ports mailing list