CASE 1: passwd: ldap shadow: files group: files # /usr/lib/openldap/slapd -d 256 -u ldap -g ldap -l daemon @(#) $OpenLDAP: slapd 2.3.43 (Sep 7 2008 03:36:13) $ root@gentoo.home:/var/tmp/portage/net-nds/openldap-2.3.43/work/openldap-2.3.43/servers/slapd ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_err2string No passwd entry for user ldap < == HERE IT IS Slapd DOES NOT start. IT takes 15 seconds to give up. CASE 2: passwd: ldap shadow: ldap group: files Exactly the same as Case 1. CASE 3: passwd: ldap shadow: ldap group: ldap Exactly the same as Case 1. CASE 4: passwd: files shadow: ldap group: ldap # /usr/lib/openldap/slapd -d 256 -u ldap -g ldap -l daemon @(#) $OpenLDAP: slapd 2.3.43 (Sep 7 2008 03:36:13) $ root@gentoo.home:/var/tmp/portage/net-nds/openldap-2.3.43/work/openldap-2.3.43/servers/slapd ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_err2string No group entry for group ldap < == HERE IT IS Slapd DOES NOT start. IT takes 15 seconds to give up. CASE 5: passwd: files shadow: files group: ldap Exactly the same as Case 4. CASE 6: passwd: files shadow: files group: files # /usr/lib/openldap/slapd -d 256 -u ldap -g ldap -l daemon @(#) $OpenLDAP: slapd 2.3.43 (Sep 7 2008 03:36:13) $ root@gentoo.home:/var/tmp/portage/net-nds/openldap-2.3.43/work/openldap-2.3.43/servers/slapd slapd starting It starts instantaneously. Of course, nothing is being looked up in LDAP. CASE 7: passwd: files [SUCCESS=return] ldap [UNAVAIL=return] shadow: files group: files # /usr/lib/openldap/slapd -d 256 -u ldap -g ldap -l daemon @(#) $OpenLDAP: slapd 2.3.43 (Sep 7 2008 03:36:13) $ root@gentoo.home:/var/tmp/portage/net-nds/openldap-2.3.43/work/openldap-2.3.43/servers/slapd slapd starting It starts instantaneously. BINGO! It performs as expected, because I DO have the ldap user in /etc/passwd: # cat /etc/passwd | grep ldap ldap:x:439:439:added by portage for openldap:/usr/lib/openldap:/usr/sbin/nologin CASE 8: passwd: files [SUCCESS=return] ldap [UNAVAIL=return] shadow: files [SUCCESS=return] ldap [UNAVAIL=return] group: files Exactly as Case 8. Expected, because the password it's probably not even looked up in the shadow file. CASE 9: passwd: files [SUCCESS=return] ldap [UNAVAIL=return] shadow: files [SUCCESS=return] ldap [UNAVAIL=return] group: files [SUCCESS=return] ldap [UNAVAIL=return] # /usr/lib/openldap/slapd -d 256 -u ldap -g ldap -l daemon @(#) $OpenLDAP: slapd 2.3.43 (Sep 7 2008 03:36:13) $ root@gentoo.home:/var/tmp/portage/net-nds/openldap-2.3.43/work/openldap-2.3.43/servers/slapd ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_err2string ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_create ldap_url_parse_ext(ldap://127.0.0.1/) ldap_simple_bind ldap_sasl_bind ldap_send_initial_request ldap_new_connection 1 1 0 ldap_int_open_connection ldap_connect_to_host: TCP 127.0.0.1:389 ldap_new_socket: 9 ldap_prepare_socket: 9 ldap_connect_to_host: Trying 127.0.0.1:389 ldap_connect_timeout: fd: 9 tm: 30 async: 0 ldap_ndelay_on: 9 ldap_is_sock_ready: 9 ldap_is_socket_ready: error on socket 9: errno: 111 (Connection refused) ldap_close_socket: 9 ldap_err2string ldap_unbind ldap_err2string slapd starting Whoops. This is like no case before. IT takes 30 SECONDS BUT it starts. It looks as if it's looking in the files AFTER the LDAP times out (of course it times out, it's not started yet). The point is that it seems that nss_ldap it's not respecting the order specified on the group line. It says files first, and then ldap. It looks as if nss_ldap looks into LDAP first and then in the files. Does it not? In your last comment you say: >> On the other hand if I change in /etc/nsswitch.conf as following: >> passwd: files ldap >> shadow files ldap >> group: files >> then slapd starts instantly without problems. > >This means that there are two groups that your system is trying to do a lookup >of, and /etc/groups doesn't contain them, so it goes to LDAP. How can it look for the group information in LDAP if the group line in nsswitch.conf contains only 'files'? Shouldn't it ONLY look in the passwd file in that case? Please let me know if this proof is not sufficient and I'll try to recompile nss_ldap with USE=debug to see what I can figure that way, but I'm not that good with programming and debugging. I'll try my best though.