lists.arthurdejong.org

Re: both nscd and nslcd needed?



Arthur de Jong wrote on 26-1-2014 14:17:
> On Sun, 2014-01-26 at 13:01 +0100, Egbert wrote:
>> Jan 25 11:01:16 sftp nslcd[5304]: [79ec49] <group/member="bas"> 
>> ldap_result() failed: Can't contact LDAP server
>> Jan 25 11:01:19 sftp nslcd[5304]: [79ec49] <group/member="bas"> 
>> ldap_start_tls_s() failed (uri=ldap://hcc-ldap-lb1-int.hobby.nl/): Can't 
>> contact LDAP server: Transport endpoint is not connected
>> Jan 25 11:01:19 sftp nslcd[5304]: [79ec49] <group/member="bas"> failed to 
>> bind to LDAP server ldap://hcc-ldap-lb1-int.hobby.nl/: Can't contact LDAP 
>> server: Transport endpoint is not connected
>> Jan 25 11:01:19 sftp nslcd[5304]: [79ec49] <group/member="bas"> connected to 
>> LDAP server ldap://hcc-ldap-lb2-int.hobby.nl/
>> Jan 25 11:05:01 sftp nslcd[5304]: [8125cf] <group/member="root"> connected 
>> to LDAP server ldap://hcc-ldap-lb1-int.hobby.nl/
>> Jan 25 11:05:01 sftp nslcd[5304]: [8125cf] <group/member="root"> 
>> ldap_result() failed: Can't contact LDAP server
>> Jan 25 11:35:01 sftp nslcd[5304]: [73983a] <group/member="root"> 
>> ldap_result() failed: Can't contact LDAP server
>> Jan 25 12:45:01 sftp nslcd[5304]: [d0ad81] <group/member="root"> 
>> ldap_result() failed: Can't contact LDAP server
>> Jan 25 15:35:01 sftp nslcd[5304]: [7d63f4] <group/member="root"> 
>> ldap_result() failed: Can't contact LDAP server
>> Jan 25 15:35:04 sftp nslcd[5304]: [7d63f4] <group/member="root"> 
>> ldap_start_tls_s() failed (uri=ldap://hcc-ldap-lb2-int.hobby.nl/): Can't 
>> contact LDAP server: Transport endpoint is not connected
>> Jan 25 15:35:04 sftp nslcd[5304]: [7d63f4] <group/member="root"> failed to 
>> bind to LDAP server ldap://hcc-ldap-lb2-int.hobby.nl/: Can't contact LDAP 
>> server: Transport endpoint is not connected
>> Jan 25 15:35:04 sftp nslcd[5304]: [7d63f4] <group/member="root"> connected 
>> to LDAP server ldap://hcc-ldap-lb1-int.hobby.nl/
>> Jan 25 16:35:01 sftp nslcd[5304]: [a85f4d] <group/member="root"> connected 
>> to LDAP server ldap://hcc-ldap-lb2-int.hobby.nl/
>> Jan 25 16:35:01 sftp nslcd[5304]: [a85f4d] <group/member="root"> 
>> ldap_result() failed: Can't contact LDAP server
> Running nslcd in debugging mode (-d) may provide more information on
> what is going wrong in this case. There seems to be something going
> wrong in the TLS side of things affecting open connections (the
> ldap_result() errors) and some new connections (failed to bind errors).
>
> Perhaps there is a connection timeout somewhere set on the server? You
> can work around this by cleanly closing the connection from the client
> side with:
>   idle_timelimit 120
idle_timelimit added. Wanted to log debug but "log syslog debug" is
rejected. "log" unknown keyword.

>
>> Jan 25 17:44:07 sftp nslcd[1423]: version 0.8.13 starting
>> Jan 25 17:44:12 sftp nslcd[1423]: accepting connections
>> Jan 25 17:44:12 sftp nslcd[1423]: Libgcrypt warning: missing initialization 
>> - please fix the application
>> Jan 25 17:44:12 sftp nslcd[1423]: Libgcrypt warning: missing initialization 
>> - please fix the application
>> Jan 25 17:44:12 sftp nslcd[1423]: Libgcrypt notice: state transition 
>> Power-On => Fatal-Error
>> Jan 25 17:44:12 sftp nslcd[1423]: Libgcrypt error: fatal error in file 
>> visibility.c, line 1283, function gcry_create_nonce: called in 
>> non-operational state
>> Jan 25 17:44:12 sftp nslcd[1423]: Libgcrypt terminated the application
> This is a known bug in Libgcrypt (or the library calling it) that I also
> run into sometimes. More information is available here:
>   http://bugs.debian.org/643948
>
> Sadly, no information on workarounds or fixes is available. I myself am
> only seeing this occasionally during system boot. Are you seeing it also
> in other circumstances?
>
>> Jan 26 10:55:02 sftp nslcd[18625]: [3c9869] <passwd=309> (re)loading 
>> /etc/nsswitch.conf
> nslcd checks /etc/nsswitch.conf to see whether shadow lookups are also
> performed using the LDAP map to see what information to return in the
> password field for users ("*" or "x"). If nslcd detects that
> nsswitch.conf is modified it rechecks it automatically. These log
> lines are to be expected at least once after start-up, if they happen
> more often, something or someone is modifying nsswitch.conf.
>
> The other lines from the logs show just startup and shutdown of nslcd.
>
>
>

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
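
The log excerpts quoted in this thread mix failures on connections that were already open with failures on newly opened ones. The following added example (not part of the original thread and not nss-pam-ldapd code) separates the two per request id and flags failures that come after a quiet period longer than `idle_timelimit`. It assumes the gap since the previous nslcd log line is an upper bound on connection idle time; the sample lines are constructed from the quoted log with placeholder LDAP host names.

```python
import re
from datetime import datetime

# Constructed sample modelled on the quoted log: one event per line,
# placeholder LDAP host names (ldap1/ldap2.example.test).
SAMPLE = """\
Jan 25 11:01:16 sftp nslcd[5304]: [79ec49] <group/member="bas"> ldap_result() failed: Can't contact LDAP server
Jan 25 11:01:19 sftp nslcd[5304]: [79ec49] <group/member="bas"> ldap_start_tls_s() failed (uri=ldap://ldap1.example.test/): Can't contact LDAP server: Transport endpoint is not connected
Jan 25 11:01:19 sftp nslcd[5304]: [79ec49] <group/member="bas"> connected to LDAP server ldap://ldap2.example.test/
Jan 25 11:05:01 sftp nslcd[5304]: [8125cf] <group/member="root"> connected to LDAP server ldap://ldap1.example.test/
Jan 25 11:05:01 sftp nslcd[5304]: [8125cf] <group/member="root"> ldap_result() failed: Can't contact LDAP server
Jan 25 11:35:01 sftp nslcd[5304]: [73983a] <group/member="root"> ldap_result() failed: Can't contact LDAP server
"""

# timestamp, host, nslcd[pid], [request id], <request>, message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ nslcd\[\d+\]: \[(\w+)\] <[^>]*> (.*)$")

def classify(log_text, idle_timelimit=120, year=2014):
    """Return (request_id, kind, gap_seconds) for every failure line.

    gap_seconds is the time since the previous nslcd log line (assumption:
    an upper bound on how long the connection sat idle).
    """
    results, connected, prev = [], set(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        req, msg = m.group(2), m.group(3)
        gap = int((ts - prev).total_seconds()) if prev else None
        if msg.startswith("connected to LDAP server"):
            connected.add(req)  # this request opened its own connection
        elif msg.startswith("ldap_result() failed"):
            if req in connected:
                kind = "fresh-connection"   # connection was not idle
            elif gap is not None and gap > idle_timelimit:
                kind = "reused-idle"        # fits a server-side idle timeout
            else:
                kind = "reused"
            results.append((req, kind, gap))
        elif msg.startswith("ldap_start_tls_s() failed"):
            results.append((req, "new-connection-tls", gap))
        prev = ts
    return results

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(row)
```

Failures classified as `reused-idle` are the ones a client-side `idle_timelimit` below the gap would avoid; `fresh-connection` and `new-connection-tls` failures need the debug output to explain.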