auth.log boot cron[5014]: nss_ldap: could not search LDAP server - Server is unavailable

Bug #375669 reported by jablko
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
libnss-ldap (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

Binary package hint: libnss-ldap

If I create a crontab for an LDAP user, I consistently see these messages in auth.log when I boot,

[...]
May 12 12:55:39 juno cron[5014]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: reconnecting to LDAP server...
May 12 12:55:40 juno cron[5014]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
May 12 12:55:40 juno cron[5014]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
May 12 12:55:41 juno cron[5014]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
May 12 12:55:41 juno cron[5014]: nss_ldap: could not search LDAP server - Server is unavailable
[...]

- and the LDAP user's crontab doesn't run, though other crontabs do.

If I remove the LDAP user's crontab and reboot, the messages aren't generated.

The LDAP server is on the LAN and is available - for example, after boot, gdmgreeter lists LDAP users.

The machine with the crontab has this line in /etc/hosts,

[...]
192.168.1.2 amos.artefactual.com ldap.artefactual.com
[...]

Both machines are Dell Optiplex 320 running Intrepid Ibex. The LDAP server is running slapd 2.4.11-0ubuntu6.1

Revision history for this message
Upen (upen) wrote :

Hi,

I have successfully configured Ubunut(jeos 8.04 on x86_64 arch). Auth works fine and automount as well. But I have same issue as mentioned by OP. these CRON messages in syslog are bothering me as well.

Aug 24 08:20:01 myftp-t CRON[21745]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:20:01 myftp-t /USR/SBIN/CRON[21746]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Aug 24 08:22:01 myftp-t CRON[21773]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:22:01 myftp-t CRON[21773]: pam_ldap: reconnecting to LDAP server...
Aug 24 08:22:01 myftp-t CRON[21773]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:22:01 myftp-t /USR/SBIN/CRON[21774]: (root) CMD (/export/home/ugandhi/report_disk)
Aug 24 08:40:01 myftp-t CRON[21929]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:40:01 myftp-t CRON[21929]: pam_ldap: reconnecting to LDAP server...
Aug 24 08:40:01 myftp-t CRON[21929]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:40:01 myftp-t /USR/SBIN/CRON[21930]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)

This continuously appearing in syslog file and I don't understand why?

Is there any solution for ? My disk is going to fill up soon and it will be better if I do something now itself..:)

If there is any kind of other information required to solve this issue, I am willing to provide it ASAP.

Thanks for your help!!

Revision history for this message
Chuck Short (zulcss) wrote :

Hi,

I was wondering if this is still a problem for you.

Have you tried adding the following to your /etc/nsswitch.conf:

  passwd: files ldap [UNAVAIL=return]
  group: files ldap [UNAVAIL=return]

Regards
chuck

Changed in libnss-ldap (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Upen (upen) wrote :

Hi Chuck,

I think I did try those settings in nssswitch.conf but that did not help..Later I changed the /etc/pam.d/cron file as below,

@include common-auth
auth required pam_env.so
@include common-account
@include common-session
# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session required pam_limits.so

common-auth is configured for using unix and ldap auth modules..

that helped me...

Revision history for this message
jablko (ms419) wrote :

Thanks Chuck, as far as I know I'm still experiencing this problem - I'll try modifying nsswitch.conf as you suggest and check if that corrects the problem - thanks again!

Revision history for this message
jablko (ms419) wrote :

Thanks again Chuck, I confirmed that I'm still experiencing this problem,

[...]
Oct 9 17:06:45 juno cron[3219]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
Oct 9 17:06:45 juno cron[3219]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
Oct 9 17:06:45 juno cron[3219]: nss_ldap: reconnecting to LDAP server...
Oct 9 17:06:45 juno cron[3219]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
Oct 9 17:06:46 juno cron[3219]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
Oct 9 17:06:47 juno cron[3219]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Oct 9 17:06:47 juno cron[3219]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
Oct 9 17:06:47 juno cron[3219]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
Oct 9 17:06:48 juno cron[3219]: nss_ldap: could not search LDAP server - Server is unavailable
[...]

- and that I still experience this problem after adding [UNAVAIL=return] to /etc/nsswitch.conf

Here's my complete /etc/nsswitch.conf, http://www.sfu.ca/~jdbates/tmp/ubuntu/200910100/nsswitch.conf

Revision history for this message
Chuck Short (zulcss) wrote :

@jabiko

What if you configure your /etc/pam.d/cron like Upen's?

Regards
chuck

Changed in libnss-ldap (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
jablko (ms419) wrote :

Thanks again Chuck, I think my /etc/pam.d/cron is already identical to Upen's,

http://www.sfu.ca/~jdbates/tmp/ubuntu/200910210/cron

Here's my /etc/pam.d/common-auth,

http://www.sfu.ca/~jdbates/tmp/ubuntu/200910210/common-auth

Revision history for this message
Pascal (pascal-blonde) wrote :

Hi,

I'm experiencing this problem on my Ubuntu 9.10 computer.

Workaround: inserting the following 2 lines in /etc/rc.local:

sleep 15
/etc/init.d/cron restart

until finding the correct pam/ldap/nsswitch files configuration...

Regards
Pascal

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers