From owner-freebsd-questions@FreeBSD.ORG Fri May 9 21:30:23 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CECC81065743 for ; Fri, 9 May 2008 21:30:23 +0000 (UTC) (envelope-from jonathan+freebsd-questions@hst.org.za) Received: from hermes.hst.org.za (onix.hst.org.za [209.203.2.133]) by mx1.freebsd.org (Postfix) with ESMTP id CCE108FC1E for ; Fri, 9 May 2008 21:30:21 +0000 (UTC) (envelope-from jonathan+freebsd-questions@hst.org.za) Received: from [10.1.11.1] ([10.1.11.1]) (authenticated bits=0) by hermes.hst.org.za (8.13.8/8.13.8) with ESMTP id m49LSmX5004671 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO) for ; Fri, 9 May 2008 23:28:49 +0200 (SAST) (envelope-from jonathan+freebsd-questions@hst.org.za) From: Jonathan McKeown To: freebsd-questions@freebsd.org Date: Fri, 9 May 2008 23:30:43 +0200 User-Agent: KMail/1.9.4 References: <1210336560.28281.43.camel@columbus.webtent.org> <200805092244.04867.jonathan+freebsd-questions@hst.org.za> <1210367382.6447.17.camel@columbus.webtent.org> In-Reply-To: <1210367382.6447.17.camel@columbus.webtent.org> X-Face: $@VrUx^RHy/}yu]jKf/<4T%/d|F+$j-Ol2"2J$q+%OK1]&/G_S9(=?iso-8859-15?q?HkaQ*=60!=3FYOK=3FY!=27M=60C=0A=09aP=5C9nVPF8Q=7DCilHH8l?= =?iso-8859-15?q?=3B=7E!42HK6=273lg4J=7Daz?=@1Dqqh:J]M^"YPn*2IWrZON$1+G?oX3@ =?iso-8859-15?q?k=230=0A=0954XDRg=3DYn=5FF-etwot4U=24b?=dTS{i X-Spam-Score: -4.37 () ALL_TRUSTED,AWL,BAYES_00 X-Scanned-By: MIMEDefang 2.61 on 209.203.2.133 Subject: Re: slapd won't start with nss_ldap.conf X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 May 2008 21:30:23 -0000 On Friday 09 May 2008 23:09, Robert Fitzpatrick wrote: > On Fri, 2008-05-09 at 22:44 +0200, Jonathan McKeown wrote: > > On Friday 09 May 2008 14:36, Robert Fitzpatrick wrote: > > > On a FreeBSD 6.1 with openldap-server-2.3.39, I have setup nss_ldap and > > > pam_ldap, but cannot get slapd to start as long as I have nss_ldap.conf > > > present, it just hangs and nothing in the messages or debug logs. I > > > just copied ldap.conf to nss_ldap.conf, see contents below. > > > > So, to start slapd, the system needs the group info for user ldap - from > > slapd. It times out and retries a few times, and eventually starts slapd > > using the group information from /etc/passwd and /etc/group, but the > > timeout and retry options by default take several minutes. > > Seems my core problem is something wrong with the openldap setup on that > box. I had taken the slave ldap server up to 2.3.41 and it was not > having this slapd/nss_ldap startup problem. I don't know if it is bad > with a synrepl slave earlier version that the master, but I just didn't > want to mess with the master until it proved OK and all seems perfectly > great on the slave except my boot order issue.... It depends what else you upgraded while changing the openldap server. Earlier versions of nss_ldap had much shorter timeouts, I believe, which means the problem only manifested itself after a certain version of nss_ldap. > Thanks for the response, and yes, the openldap list owner finally > rejected my message and gave me the pointer to start slapd with the > owner and group by id instead of name. After reading the start script to > get the owner and group by id in the rc.conf file, I am now starting the > process in that way. While doing that I realize that I can handle boot > order by name of the file and gave it a prefix of 001. Errr, not sure what you're talking about here: man rcorder will tell you the normal way to control startup order on a recent FreeBSD. I think you'd have to be doing something rather unusual to force the old behaviour you seem to be talking about... As far as starting up with a numeric id rather than a user name, I'm not sure that will stop the lookup of group information which is actually causing the problem. Good luck. Jonathan