From: Robert Fitzpatrick
To: Jonathan McKeown
Date: Fri, 09 May 2008 17:09:41 -0400
Cc: freebsd-questions@freebsd.org
Subject: Re: slapd won't start with nss_ldap.conf

On Fri, 2008-05-09 at 22:44 +0200, Jonathan McKeown wrote:
> On Friday 09 May 2008 14:36, Robert Fitzpatrick wrote:
> > On a FreeBSD 6.1 with openldap-server-2.3.39, I have set up nss_ldap and
> > pam_ldap, but cannot get slapd to start as long as I have nss_ldap.conf
> > present, it just hangs and nothing in the messages or debug logs. I just
> > copied ldap.conf to nss_ldap.conf, see contents below.
>
> So, to start slapd, the system needs the group info for user ldap - from
> slapd. It times out and retries a few times, and eventually starts slapd
> using the group information from /etc/passwd and /etc/group, but the timeout
> and retry options by default take several minutes.
>

Seems my core problem is something wrong with the openldap setup on that box. I had taken the slave ldap server up to 2.3.41 and it was not having this slapd/nss_ldap startup problem. I don't know if it is bad with a syncrepl slave earlier version than the master, but I just didn't want to mess with the master until it proved OK and all seems perfectly great on the slave except my boot order issue....

Thanks for the response, and yes, the openldap list owner finally rejected my message and gave me the pointer to start slapd with the owner and group by id instead of name. After reading the start script to get the owner and group by id in the rc.conf file, I am now starting the process in that way.
While doing that I realize that I can handle boot order by name of the file and gave it a prefix of 001. I will test my changes tomorrow when I go on site to replace a UPS. If all goes well on the slave, I'll upgrade the master and see if my pesky nss_ldap issue goes away. And, yes, I was only waiting the length of time it normally took when the nss_ldap.conf file was missing, few seconds max.

-- 
Robert
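The workaround discussed in this thread, starting slapd by numeric id so that no name lookup has to pass through nss_ldap while the directory is still down, can be sketched as follows. This is an added example, not part of the original message or of the FreeBSD port's start script: the function names `local_ids` and `slapd_id_flags` are hypothetical, and the passwd entries in `demo` are constructed sample data.

```shell
#!/bin/sh
# Read a service account's numeric uid and primary gid straight from a
# passwd(5)-format file. Tools such as id(1) or getent(1) go through
# nsswitch.conf and can block on nss_ldap when slapd is not running yet.

# local_ids USER [PASSWD_FILE]: prints "uid:gid"; non-zero if USER is
# missing, the ids are not numeric, or the file is unreadable.
local_ids() {
    user=$1
    file=${2:-/etc/passwd}
    [ -r "$file" ] || return 2
    awk -F: -v u="$user" '
        /^#/ { next }                       # skip comment lines
        $1 == u {
            if ($3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/) exit 1
            print $3 ":" $4; found = 1; exit 0
        }
        END { if (!found) exit 1 }          # user not in the flat file
    ' "$file"
}

# slapd_id_flags USER [PASSWD_FILE]: prints slapd's -u/-g options with
# numeric ids, so starting the daemon needs no user or group name lookup.
slapd_id_flags() {
    ids=$(local_ids "$1" "${2:-/etc/passwd}") || return 1
    printf '%s\n' "-u ${ids%%:*} -g ${ids##*:}"
}

# Demo on a constructed passwd file (sample values, not from the thread).
demo() {
    tmp=$(mktemp) || return 1
    cat > "$tmp" <<'EOF'
# constructed sample, passwd(5) format
root:*:0:0:Charlie &:/root:/bin/csh
ldap:*:389:389:OpenLDAP Server:/nonexistent:/usr/sbin/nologin
EOF
    slapd_id_flags ldap "$tmp"
    rm -f "$tmp"
}

demo
```

If `local_ids` fails for the account slapd runs as, that account exists only in the directory, and starting by id will not avoid the lookup dependency.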