Here's an annotated strace output of the dbus process when it fails. In another terminal, I ran 'systemctl status ntp' which triggers the dbus query. As Zahid mentioned above, this is with the permissions on /etc/ldap.conf set to 440, so the dbus-daemon user doesn't have permissions to read it. But why does dbus-daemon _want_ to read it? It's also checking /etc/passwd before this.
# Accept the incoming dbus call from systemctl
accept4(3, {sa_family=AF_LOCAL, NULL}, [2], SOCK_CLOEXEC) = 18
# Set it to a non-blocking socket, add it to the epoll() list, and call epoll() again
fcntl(18, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(18, F_SETFL, O_RDWR|O_NONBLOCK) = 0
getsockname(18, {sa_family=AF_LOCAL, sun_path="/var/run/dbus/system_bus_socket"}, [34]) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 18, {EPOLLET, {u32=18, u64=386346997063352338}}) = 0
epoll_ctl(4, EPOLL_CTL_MOD, 18, {EPOLLIN, {u32=18, u64=14407806993769168914}}) = 0
epoll_wait(4, [{EPOLLIN, {u32=18, u64=14407806993769168914}}], 64, 29999) = 1
# Read a message from systemctl
recvmsg(18, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=0, msg_flags=0}, 0) = 1
# Get the pid, uid, and gid of the systemctl process, rphelps in this case
getsockopt(18, SOL_SOCKET, SO_PEERCRED, {pid=17258, uid=10247, gid=10004}, [12]) = 0
# Try and fail to get the peer socket security state, but that might be SELinux only?
getsockopt(18, SOL_SOCKET, SO_PEERSEC, 0x559bc7f68180, 0x7ffc93c3a2bc) = -1 ENOPROTOOPT (Protocol not available)
# Read the auth request from systemctl (3130323437 is the hex-encoded ASCII string "10247", the same uid SO_PEERCRED reported above)
read(18, "AUTH EXTERNAL 3130323437\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 2048) = 52
Here's an annotated strace output of the dbus process when it fails. In another terminal, I ran 'systemctl status ntp' which triggers the dbus query. As Zahid mentioned above, this is with the permissions on /etc/ldap.conf set to 440, so the dbus-daemon user doesn't have permissions to read it. But why does dbus-daemon _want_ to read it? It's also checking /etc/passwd before this.
rphelps@d1lmdbsvrstg2:~$ sudo strace -p 942 -s 256
strace: Process 942 attached
epoll_wait(4, [{EPOLLIN, {u32=3, u64=386346997063352323}}], 64, -1) = 1
# Accept the incoming dbus call from systemctl
accept4(3, {sa_family=AF_LOCAL, NULL}, [2], SOCK_CLOEXEC) = 18
# Set it to a non-blocking socket, add it to the epoll() list, and call epoll() again
fcntl(18, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(18, F_SETFL, O_RDWR|O_NONBLOCK) = 0
getsockname(18, {sa_family=AF_LOCAL, sun_path="/var/run/dbus/system_bus_socket"}, [34]) = 0
epoll_ctl(4, EPOLL_CTL_ADD, 18, {EPOLLET, {u32=18, u64=386346997063352338}}) = 0
epoll_ctl(4, EPOLL_CTL_MOD, 18, {EPOLLIN, {u32=18, u64=14407806993769168914}}) = 0
epoll_wait(4, [{EPOLLIN, {u32=18, u64=14407806993769168914}}], 64, 29999) = 1
# Read a message from systemctl
recvmsg(18, {msg_name(0)=NULL, msg_iov(1)=[{"\0", 1}], msg_controllen=0, msg_flags=0}, 0) = 1
# Get the pid, uid, and gid of the systemctl process, rphelps in this case
getsockopt(18, SOL_SOCKET, SO_PEERCRED, {pid=17258, uid=10247, gid=10004}, [12]) = 0
# Try and fail to get the peer socket security state, but that might be SELinux only?
getsockopt(18, SOL_SOCKET, SO_PEERSEC, 0x559bc7f68180, 0x7ffc93c3a2bc) = -1 ENOPROTOOPT (Protocol not available)
# Read the auth request from systemctl (3130323437 is the hex-encoded ASCII string "10247", the same uid SO_PEERCRED reported above)
read(18, "AUTH EXTERNAL 3130323437\r\nNEGOTIATE_UNIX_FD\r\nBEGIN\r\n", 2048) = 52
# Check the /etc/passwd for something (presumably a passwd lookup for the peer uid 10247 from the AUTH line; verify)
open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 19
lseek(19, 0, SEEK_CUR) = 0
fstat(19, {st_mode=S_IFREG|0644, st_size=2014, ...}) = 0
mmap(NULL, 2014, PROT_READ, MAP_SHARED, 19, 0) = 0x7f5305a0d000
lseek(19, 2014, SEEK_SET) = 2014
fstat(19, {st_mode=S_IFREG|0644, st_size=2014, ...}) = 0
munmap(0x7f5305a0d000, 2014) = 0
close(19) = 0
# No idea
rt_sigaction(SIGPIPE, {SIG_IGN, [], SA_RESTORER, 0x7f530490a390}, {SIG_IGN, [], SA_RESTORER, 0x7f530490a390}, 8) = 0
# No idea why they're doing this; maybe to see if the caller is the same process?
geteuid() = 107
# Try, and fail, to open /etc/ldap.conf
open("/etc/ldap.conf", O_RDONLY) = -1 EACCES (Permission denied)
rt_sigaction(SIGPIPE, {SIG_IGN, [], SA_RESTORER, 0x7f530490a390}, NULL, 8) = 0
# Do another epoll() round
epoll_ctl(4, EPOLL_CTL_MOD, 18, {EPOLLET, {u32=18, u64=4294967314}}) = 0
epoll_ctl(4, EPOLL_CTL_MOD, 18, {EPOLLOUT, {u32=18, u64=4294967314}}) = 0
epoll_wait(4, [{EPOLLOUT, {u32=18, u64=4294967314}}], 64, 29995) = 1
# Send the rejection message to systemctl
sendto(18, "REJECTED EXTERNAL DBUS_COOKIE_SHA1 ANONYMOUS\r\nERROR \"Need to authenticate first\"\r\n", 82, MSG_NOSIGNAL, NULL, 0) = 82
# Remove the connection to systemctl from the epoll() list, and close the socket
epoll_ctl(4, EPOLL_CTL_DEL, 18, 0x7ffc93c3a2e0) = 0
close(18)