Ubuntu
libnss-ldap package

auth.log boot cron[5014]: nss_ldap: could not search LDAP server - Server is unavailable

Bug #375669 reported by jablko
22
This bug affects 4 people
Affects Status Importance Assigned to Milestone
libnss-ldap (Ubuntu)
Confirmed
Low
Unassigned

Bug Description

Binary package hint: libnss-ldap

If I create a crontab for an LDAP user, I consistently see these messages in auth.log when I boot,

[...]
May 12 12:55:39 juno cron[5014]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: reconnecting to LDAP server...
May 12 12:55:40 juno cron[5014]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
May 12 12:55:40 juno cron[5014]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
May 12 12:55:40 juno cron[5014]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
May 12 12:55:41 juno cron[5014]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
May 12 12:55:41 juno cron[5014]: nss_ldap: could not search LDAP server - Server is unavailable
[...]

- and the LDAP user's crontab doesn't run, though other crontabs do.

If I remove the LDAP user's crontab and reboot, the messages aren't generated.

The LDAP server is on the LAN and is available - for example, after boot, gdmgreeter lists LDAP users.

The machine with the crontab has this line in /etc/hosts,

[...]
192.168.1.2 amos.artefactual.com ldap.artefactual.com
[...]

Both machines are Dell Optiplex 320 running Intrepid Ibex. The LDAP server is running slapd 2.4.11-0ubuntu6.1

Revision history for this message
Upen (upen) wrote :

Hi,

I have successfully configured Ubunut(jeos 8.04 on x86_64 arch). Auth works fine and automount as well. But I have same issue as mentioned by OP. these CRON messages in syslog are bothering me as well.

Aug 24 08:20:01 myftp-t CRON[21745]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:20:01 myftp-t /USR/SBIN/CRON[21746]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)
Aug 24 08:22:01 myftp-t CRON[21773]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:22:01 myftp-t CRON[21773]: pam_ldap: reconnecting to LDAP server...
Aug 24 08:22:01 myftp-t CRON[21773]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:22:01 myftp-t /USR/SBIN/CRON[21774]: (root) CMD (/export/home/ugandhi/report_disk)
Aug 24 08:40:01 myftp-t CRON[21929]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:40:01 myftp-t CRON[21929]: pam_ldap: reconnecting to LDAP server...
Aug 24 08:40:01 myftp-t CRON[21929]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Aug 24 08:40:01 myftp-t /USR/SBIN/CRON[21930]: (smmsp) CMD (test -x /etc/init.d/sendmail && /usr/share/sendmail/sendmail cron-msp)

This continuously appearing in syslog file and I don't understand why?

Is there any solution for ? My disk is going to fill up soon and it will be better if I do something now itself..:)

If there is any kind of other information required to solve this issue, I am willing to provide it ASAP.

Thanks for your help!!

Revision history for this message
Chuck Short (zulcss) wrote :

Hi,

I was wondering if this is still a problem for you.

Have you tried adding the following to your /etc/nsswitch.conf:

  passwd: files ldap [UNAVAIL=return]
  group: files ldap [UNAVAIL=return]

Regards
chuck

Changed in libnss-ldap (Ubuntu):
importance: Undecided → Low
status: New → Incomplete
Revision history for this message
Upen (upen) wrote :

Hi Chuck,

I think I did try those settings in nssswitch.conf but that did not help..Later I changed the /etc/pam.d/cron file as below,

@include common-auth
auth required pam_env.so
@include common-account
@include common-session
# Sets up user limits, please define limits for cron tasks
# through /etc/security/limits.conf
session required pam_limits.so

common-auth is configured for using unix and ldap auth modules..

that helped me...

Revision history for this message
jablko (ms419) wrote :

Thanks Chuck, as far as I know I'm still experiencing this problem - I'll try modifying nsswitch.conf as you suggest and check if that corrects the problem - thanks again!

Revision history for this message
jablko (ms419) wrote :

Thanks again Chuck, I confirmed that I'm still experiencing this problem,

[...]
Oct 9 17:06:45 juno cron[3219]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
Oct 9 17:06:45 juno cron[3219]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
Oct 9 17:06:45 juno cron[3219]: nss_ldap: reconnecting to LDAP server...
Oct 9 17:06:45 juno cron[3219]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
Oct 9 17:06:46 juno cron[3219]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
Oct 9 17:06:47 juno cron[3219]: nss_ldap: reconnecting to LDAP server (sleeping 1 seconds)...
Oct 9 17:06:47 juno cron[3219]: nss_ldap: could not connect to any LDAP server as cn=admin,dc=artefactual,dc=com - Can't contact LDAP server
Oct 9 17:06:47 juno cron[3219]: nss_ldap: failed to bind to LDAP server ldap://ldap.artefactual.com: Can't contact LDAP server
Oct 9 17:06:48 juno cron[3219]: nss_ldap: could not search LDAP server - Server is unavailable
[...]

- and that I still experience this problem after adding [UNAVAIL=return] to /etc/nsswitch.conf

Here's my complete /etc/nsswitch.conf, http://www.sfu.ca/~jdbates/tmp/ubuntu/200910100/nsswitch.conf

Revision history for this message
Chuck Short (zulcss) wrote :

@jabiko

What if you configure your /etc/pam.d/cron like Upen's?

Regards
chuck

Changed in libnss-ldap (Ubuntu):
status: Incomplete → Confirmed
Revision history for this message
jablko (ms419) wrote :

Thanks again Chuck, I think my /etc/pam.d/cron is already identical to Upen's,

http://www.sfu.ca/~jdbates/tmp/ubuntu/200910210/cron

Here's my /etc/pam.d/common-auth,

http://www.sfu.ca/~jdbates/tmp/ubuntu/200910210/common-auth

Revision history for this message
Pascal (pascal-blonde) wrote :

Hi,

I'm experiencing this problem on my Ubuntu 9.10 computer.

Workaround: inserting the following 2 lines in /etc/rc.local:

sleep 15
/etc/init.d/cron restart

until finding the correct pam/ldap/nsswitch files configuration...

Regards
Pascal

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.