Bug 158996

Summary:	>nss_ldap-239-r1. Does it really work?
Product:	Gentoo Linux	Reporter:	Norberto Bensa <nbensa>
Component:	New packages	Assignee:	Gentoo Linux bug wranglers <bug-wranglers>
Status:	RESOLVED INVALID
Severity:	normal
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Other
Whiteboard:
Package list:		Runtime testing required:	---

Description Norberto Bensa 2006-12-23 23:53:27 UTC

If I use nss_ldap-239-r1, everything seems to work OK, but any version after that gives this upon slapd start:

Dec 24 04:32:24 zeddmore slapd[27327]: @(#) $OpenLDAP: slapd 2.3.30 (Dec 23 2006 13:57:08) $    portage@zeddmore:/var/tmp/portage/net-nds/openldap-2.3.30-r1/work/openldap-2.3.30/servers/slapd
Dec 24 04:32:24 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Dec 24 04:32:25 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 2 seconds)...
Dec 24 04:32:27 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Dec 24 04:32:31 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Dec 24 04:32:39 zeddmore slapd[27327]: nss_ldap: could not search LDAP server - Server is unavailable
Dec 24 04:32:39 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Dec 24 04:32:40 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 2 seconds)...
Dec 24 04:32:42 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Dec 24 04:32:46 zeddmore slapd[27327]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Dec 24 04:32:54 zeddmore slapd[27327]: nss_ldap: could not search LDAP server - Server is unavailable
Dec 24 04:32:54 zeddmore slapd[27330]: slapd starting


After that, if I do emerge what-ever-package, I get:

zeddmore nbensa # emerge -v pam_ldap
Calculating dependencies... done!

>>> Emerging (1 of 1) sys-auth/pam_ldap-183 to /

... and nothing else. I just dies with no message. /var/log/messages:

Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 fd=12 ACCEPT from IP=192.168.1.1:1275 (IP=0.0.0.0:389)
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=0 STARTTLS
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=0 RESULT oid= err=0 text=
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 fd=12 TLS established tls_ssf=256 ssf=256
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=1 BIND dn="cn=manager,dc=bensa,dc=ar" method=128
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=1 BIND dn="cn=manager,dc=bensa,dc=ar" mech=SIMPLE ssf=0
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=1 RESULT tag=97 err=0 text=
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=2 SRCH base="ou=Group,dc=bensa,dc=ar" scope=1 deref=0 filter="(&(objectClass=posixGroup))"
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=2 SRCH attr=cn userPassword memberUid uniqueMember gidNumber
Dec 24 04:33:27 zeddmore slapd[27330]: conn=0 op=2 SEARCH RESULT tag=101 err=0 nentries=72 text=
Dec 24 04:33:34 zeddmore slapd[27330]: conn=0 fd=12 closed (connection lost)


I'm stuck here since two or three weeks. I've read Gentoo/Debian LDAP guides. I've looked at some bug reports, and even robbat2's blog. Nothing seems to help.


zeddmore ~ # emerge --info
Portage 2.1.2_rc4 (default-linux/x86/2006.0, gcc-4.1.1, glibc-2.5-r0, 2.6.19-gentoo-r2 i686)
=================================================================
System uname: 2.6.19-gentoo-r2 i686 Pentium III (Coppermine)
Gentoo Base System version 1.12.8
Last Sync: Sat, 23 Dec 2006 08:00:01 +0000
dev-java/java-config: 1.3.7, 2.0.31
dev-lang/python:     2.4.4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.18.1
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.14
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="x86 ~x86"
AUTOCLEAN="yes"
CBUILD="i586-pc-linux-gnu"
CFLAGS="-march=pentium -O2 -fomit-frame-pointer -pipe"
CHOST="i586-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/env.d/java/ /etc/gconf /etc/java-config/vms/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mcpu=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks metadata-transfer sandbox sfperms strict userpriv usersandbox"
GENTOO_MIRRORS="http://distfiles.gentoo.org http://distro.ibiblio.org/pub/linux/distributions/gentoo"
LANG="en_US.UTF-8"
LC_ALL="en_US.UTF-8"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/portage/local/zoolook /usr/portage/local/layman/sunrise"
SYNC="rsync://rsync.gentoo.org/gentoo-portage"
USE="x86 7zip X509 aac acl admin alac alsa alsa_cards_via82xx alsa_pcm_plugins_adpcm alsa_pcm_plugins_alaw alsa_pcm_plugins_asym alsa_pcm_plugins_copy alsa_pcm_plugins_dmix alsa_pcm_plugins_dshare alsa_pcm_plugins_dsnoop alsa_pcm_plugins_empty alsa_pcm_plugins_extplug alsa_pcm_plugins_file alsa_pcm_plugins_hooks alsa_pcm_plugins_iec958 alsa_pcm_plugins_ioplug alsa_pcm_plugins_ladspa alsa_pcm_plugins_lfloat alsa_pcm_plugins_linear alsa_pcm_plugins_meter alsa_pcm_plugins_mulaw alsa_pcm_plugins_multi alsa_pcm_plugins_null alsa_pcm_plugins_plug alsa_pcm_plugins_rate alsa_pcm_plugins_route alsa_pcm_plugins_share alsa_pcm_plugins_shm alsa_pcm_plugins_softvol aotuv apache2 async authfile automount batch berkdb bzip2 bzlib calendar caps cgi chroot clamav cli cracklib crypt ctype cups curl dba dbus ecc elibc_glibc encode expat extensions extraengine fastcgi ffmpeg flac follow-xff fontconfig foomaticdb fpx ftp gd gd-external gdbm geoip geometry gif glibc-omitfp gmp gpg2-experimental gpm graphviz hesiod hpn iconv idea ifsession imagemagick imap innodb input_devices_evdev input_devices_keyboard input_devices_mouse ithreads java5 jpeg justify kerberos kernel_linux krb4 lcms ldap ldapsam libclamav libg++ linuxthreads-tls lzw-tiff mailwrapper mcal mime ming mmx mpm-threadpool musepack mysql mysqli nagios-dns nagios-game nagios-ntp nagios-ping nagios-ssh ncurses nomalloccheck nptl nptlonly oav ocaml ogg opensslcrypt oss overlays pam pcre pdflib pear perl php pic png posix postfix postgres ppds pwdb python quotas readline rewrite rle rss ruby samba sasl scanner sendfile serial session sftplogging shaper shared shorten sitemisc soap sockets softquota spell sqlite sqlite3 sse ssl swat syslog sysvipc tcpd theora threads tidy tiff tools truetype ucs2 underscores unicode ups usb userland_GNU userlocales utf8 vda vhosts video_cards_apm video_cards_ark video_cards_ati video_cards_chips video_cards_cirrus video_cards_cyrix video_cards_dummy video_cards_fbdev video_cards_glint video_cards_i128 video_cards_i740 video_cards_i810 video_cards_imstt video_cards_mga video_cards_neomagic video_cards_nsc video_cards_nv video_cards_rendition video_cards_s3 video_cards_s3virge video_cards_savage video_cards_siliconmotion video_cards_sis video_cards_sisusb video_cards_tdfx video_cards_tga video_cards_trident video_cards_tseng video_cards_v4l video_cards_vesa video_cards_vga video_cards_via video_cards_vmware video_cards_voodoo virus-scan web winbind xml xml2 xmlreader xmlrpc xsl xtended yp zero-penalty-hit zip zlib"
Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LDFLAGS, LINGUAS, PORTAGE_RSYNC_EXTRA_OPTS

Comment 1 Norberto Bensa 2006-12-24 00:16:20 UTC

I've somehow missed the last comment on robbat2 blog:

<quote>
3) Your comments about init scripts are spot on, and affect /etc/init.d/slapd as well. If your ldap server is using ldap auth, restarting slapd will take the entire timeout period (about 3 minutes).

robbat2 reply:

The source of #2/#3 is that coreutils and other things occassionally attempt to look up a numeric uid/gid as a string! (eg the first column of /etc/{passwd,group}, and the related field in LDAP). This ALWAYS fails - just that LDAP failures take a long time.
</quote>

I'm marking this as invalid (I guess emerge fails because of the same thing; but why does it work with nss_ldap-239-r1?? :-/ )