nslcd does not start on boot everytime
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
nss-pam-ldapd (Ubuntu) |
Confirmed
|
Undecided
|
Unassigned |
Bug Description
I've been testing nslcd on ubuntu 12.04 and I feel that 0.8.10 needs to be released for 12.04. I also get lots of messages that seem to be fixed in releases after 0.8.4.
Even the developer says: 'Users that require a stable release are encouraged to stay with 0.7 until 0.8 stabilises.'
http://
My main issue right now:
I've seen it not start on boot 50% of the time with different messages in syslog. If the daemon fails to start on boot and I start it from the init script, it works just fine with out any (related) errors or messages in syslog. Also if I put the daemon in debug mode on boot via the init script, I don't see this issue. But also at the same time the init script will still be executing because the daemon does not drop into the background.
This is an example if it failing to start on boot, here it fails to log any errors:
Jul 26 11:53:33 voodoo nslcd[1799]: version 0.8.4 starting
Jul 26 11:53:33 voodoo nslcd[1799]: accepting connections
This is an example if it failing to start on boot that points at Libgcrypt killing off the application:
Jul 26 14:45:10 voodoo nslcd[1245]: version 0.8.4 starting
Jul 26 14:45:10 voodoo nslcd[1245]: accepting connections
Jul 26 14:45:11 voodoo nslcd[1245]: Libgcrypt warning: missing initialization - please fix the application
Jul 26 14:45:11 voodoo nslcd[1245]: Libgcrypt notice: state transition Power-On => Fatal-Error
Jul 26 14:45:11 voodoo nslcd[1245]: Libgcrypt error: fatal error in file visibility.c, line 1283, function gcry_create_nonce: called in non-operational state
Jul 26 14:45:11 voodoo nslcd[1245]: Libgcrypt terminated the application
Oddly here is an example if the daemon starting on boot:
Jul 26 08:59:08 voodoo nslcd[1165]: version 0.8.4 starting
Jul 26 08:59:08 voodoo nslcd[1165]: accepting connections
Jul 26 08:59:10 voodoo nslcd[1165]: [3c9869] <passwd=""> "": name denied by validnames option
My nslcd.conf:
uid nslcd
gid nslcd
uri ldaps://10.x.x.110
uri ldaps://10.x.x.111
base dc=users,
base group dc=groups,
binddn cn=someuser,
bindpw somepass
filter passwd (&(objectClass=
ssl on
tls_reqcert never
map passwd homeDirectory "/home/$uid"
map passwd loginShell "/bin/bash"
Thanks for your work and any help.
-Mike
The libgcrypt problem is a known one without a known solution so far. Some background information is here: bugs.debian. org/643948 /bugzilla. redhat. com/506796
http://
https:/
It seems to be a bug in either libgcrypt or OpenLDAP (I don't have time to dig into this at the moment though).