[Bug 1024475] Re: libnss-ldap causes boot hang on Ubuntu 12.04 Precise
Jcat-l
1024475 at bugs.launchpad.net
Fri Apr 25 10:33:07 UTC 2014
This is still an issue on 14.04 LTS.
This was fixed ages ago with this change:
  libnss-ldap (251-5.2) unstable; urgency=high

    * Change the init script policy. Instead of stopping libnss-ldap.init on
      clean shutdown (touching a file) and starting it after networking (rm-ing
      it), we touch the file in /lib/init/rw as soon as possible (right before
      udev is started, touching a file) and stop it after initial system bootup.
      This fixes both issues with /var being on a separate partition, and
      unclean shutdown where the file would not be created. (To make sure we
      don't get similar problems during shutdown, we create it in runlevels 0
      and 6 as before, but we don't assume it's still there when we boot, since
      it's on a tmpfs now.) (Closes: #375077)

...but at some point got removed with this change:

  libnss-ldap (259-1) unstable; urgency=low

    * Remove old kluge /etc/init.d/libnss-ldap

Not totally sure what was supposed to be replacing that "kluge", maybe it was the "nss_initgroups_ignoreusers" thing, but it's not working currently, that's for sure.
Boot time is well over 2 mins atm, versus about 5 seconds with the ldap entry removed for groups in nsswitch.conf.
Someone must have some ideas for this.
Cheers,
jcat
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/1024475
Title:
libnss-ldap causes boot hang on Ubuntu 12.04 Precise
Status in “libnss-ldap” package in Ubuntu:
Confirmed
Bug description:
A configuration that works perfectly after setup prevents an Ubuntu
12.04 Precise client from booting.
Checks before rebooting:
1. winbind authentication is working (console login, xrdp, etc.)
2. libnss-ldap name resolution is working (getent passwd)
(this is the intended setup)
After booting the default Grub option we see the machine hung without
printing anything.
Booting in recovery mode allows us to see that the last printed
message is:
Begin: Running /scripts/init-bottom ... done.
The problem IS related to libnss-ldap because if we boot via cdrom and
change nsswitch.conf to use local authentication the machine boots
again perfectly. We can then change it back to use local
authentication + ldap (compat ldap) and verify that it works. However
the system won't come up after rebooting.
Even though the nss_initgroups_ignoreusers is correctly set up there is
probably some service that is trying to use ldap before networking is
available. The extra options (see below) intended to lower timeouts
seem to have no effect.
Configuration details:
/etc/ldap.conf
-----------------------------------
base dc=DOMAIN,dc=COM
binddn uid=ldapuser,ou=users,dc=DOMAIN,dc=COM
bindpw XXXXXYYYYZZZZ
ldap_version 3
uri ldap://192.168.1.8
nss_initgroups_ignoreusers avahi,avahi-autoipd,backup,bin,colord,daemon,games,gnats,hplip,irc,kernoops,libuuid,lightdm,list,lp,mail,man,messagebus,news,ntp,proxy,pulse,root,rtkit,saned,speech-dispatcher,sshd,sync,sys,syslog,usbmux,uucp,whoopsie,www-data,xrdp
/etc/nsswitch.conf
-----------------------------------
passwd: compat ldap
group: compat ldap
shadow: compat ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins
networks: files
protocols: db files
services: db files
ethers: db files
rpc: db files
netgroup: nis
extra options tried on /etc/ldap.conf
-----------------------------------
timelimit 2
bind_timelimit 1
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 1
bind_policy soft
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libnss-ldap/+bug/1024475/+subscriptions
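An added example, not part of the bug report or the libnss-ldap package: a Python check for the setup described above, listing which nsswitch.conf databases consult ldap and which local accounts with a UID below 1000 are missing from nss_initgroups_ignoreusers. The sample file contents are constructed and abridged, and the UID cutoff of 1000 is an assumption (the Debian/Ubuntu default for regular users).

```python
import re

# Constructed, abridged sample inputs modelled on the report (not real files).
NSSWITCH = """\
passwd: compat ldap
group: compat ldap
hosts: files mdns4_minimal [NOTFOUND=return] dns mdns4 wins
"""
LDAP_CONF = """\
uri ldap://192.168.1.8
nss_initgroups_ignoreusers root,syslog,messagebus
"""
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
syslog:x:101:103::/home/syslog:/bin/false
messagebus:x:102:105::/var/run/dbus:/bin/false
statd:x:110:65534::/var/lib/nfs:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
"""

def ldap_databases(nsswitch_text):
    """Return the nsswitch databases whose source list includes ldap."""
    hits = []
    for line in nsswitch_text.splitlines():
        db, sep, sources = line.split("#", 1)[0].partition(":")
        # Drop action items such as [NOTFOUND=return] before matching.
        if sep and "ldap" in re.sub(r"\[[^\]]*\]", " ", sources).split():
            hits.append(db.strip())
    return hits

def ignored_users(ldap_conf_text):
    """Collect the names listed on nss_initgroups_ignoreusers lines."""
    users = set()
    for line in ldap_conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "nss_initgroups_ignoreusers":
            users.update(u.strip() for u in parts[1].split(",") if u.strip())
    return users

def uncovered_system_users(passwd_text, ldap_conf_text, uid_min=1000):
    """Local accounts with UID below uid_min (assumed cutoff) not on the list."""
    ignored = ignored_users(ldap_conf_text)
    rows = (l.split(":") for l in passwd_text.splitlines() if l.count(":") == 6)
    # Compat-mode "+"/"-" lines have no numeric UID and are skipped.
    return sorted(r[0] for r in rows
                  if r[2].isdigit() and int(r[2]) < uid_min and r[0] not in ignored)

if __name__ == "__main__":
    print("databases using ldap:", ldap_databases(NSSWITCH))
    print("system users not ignored:", uncovered_system_users(PASSWD, LDAP_CONF))
```

The ignore list only affects initgroups() calls for the named users; passwd and group lookups by other names still go to every source listed in nsswitch.conf.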