Re: nslcd: DEBUG: accept() failed (ignored): Resource temporarily unavailable

[Král Gergely <kral.gergely [at] robolution.eu>]

2015-08-31 20:35 időpontban Arthur de Jong ezt írta:
> On Mon, 2015-08-31 at 19:38 +0200, Král Gergely wrote:
> > After an upgrade of slapd and a change to the use of nslcd last week
> > I receive a lot of messages like these into auth.log:
> >
> > Aug 31 17:29:01 isa CRON[1209]: nss_ldap: reconnected to LDAP server 
> > ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
> > Aug 31 17:30:01 isa CRON[1245]: nss_ldap: reconnected to LDAP server 
> > ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
> > Aug 31 17:30:01 isa CRON[1246]: nss_ldap: reconnected to LDAP server 
> > ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
> > Aug 31 17:30:17 isa exim4: nss_ldap: reconnecting to LDAP server...
> > Aug 31 17:30:17 isa exim4: nss_ldap: reconnected to LDAP server 
> > ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
> > Aug 31 17:30:46 isa smbd[1288]: nss_ldap: reconnecting to LDAP 
> > server...
> > Aug 31 17:30:46 isa smbd[1288]: nss_ldap: reconnected to LDAP server 
> > ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
> > Aug 31 17:30:46 isa smbd[1289]: nss_ldap: reconnecting to LDAP 
> > server...
> > Aug 31 17:30:46 isa smbd[1289]: nss_ldap: reconnected to LDAP server 
> > ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
>
> These messages seem to be from PADL's nss_ldap module (libnss-ldap
> package), not the NSS modules that is shipped as part of nss-pam-ldapd
> that talks to nslcd (libnss-ldapd package).


This was also something I suspected but I believe I have the right 
packages installed:

# dpkg -l | egrep -i -v 'openss|insserv' | egrep -i 'ldap|nss'
ii  dovecot-ldap                         1:2.2.18-1                      
  i386         secure POP3/IMAP server - LDAP support
ii  ldap-utils                           2.4.41+dfsg-1                   
  i386         OpenLDAP utilities
ii  libaprutil1-ldap:i386                1.5.4-1                         
  i386         Apache Portable Runtime Utility Library - LDAP Driver
ii  libldap-2.4-2:i386                   2.4.41+dfsg-1                   
  i386         OpenLDAP libraries
ii  libldb1:i386                         2:1.1.20-2                      
  i386         LDAP-like embedded database - shared library
ii  libnet-ldap-perl                     1:0.6500+dfsg-1                 
  all          client interface to LDAP servers
ii  libnss-ldapd:i386                    0.9.6-2                         
  i386         NSS module for using LDAP as a naming service
ii  libnss-mdns:i386                     0.10-6                          
  i386         NSS module for Multicast DNS name resolution
ii  libnss3:i386                         2:3.19.2-1                      
  i386         Network Security Service libraries
ii  libpam-ldapd:i386                    0.9.6-2                         
  i386         PAM module for using LDAP as an authentication service
ii  migrationtools                       47-8                            
  all          Migration scripts for LDAP
ii  nslcd                                0.9.6-2                         
  i386         daemon for NSS and PAM lookups using LDAP
ii  nslcd-utils                          0.9.6-2                         
  all          utilities for querying LDAP via nslcd
ii  php5-ldap                            5.6.11+dfsg-1                   
  i386         LDAP module for php5
ii  phpldapadmin                         1.2.2-5.2                       
  all          web based interface for administering LDAP servers
ii  slapd                                2.4.41+dfsg-1                   
  i386         OpenLDAP server (slapd)
ii  smbldap-tools                        0.9.9-1                         
  all          Scripts to manage Unix and Samba accounts stored on LDAP


Adding "debug" option to pam_ldap.so in /etc/pam.d/common-auth it looks 
that pam_ldap and pam_unix modules are working well.
But where does the nss_ldap messages are coming from then? Why do cron 
processes need to connect to the ldap server at all?

Sep  1 09:12:01 isa CRON[4008]: nss_ldap: reconnecting to LDAP server...
Sep  1 09:12:01 isa CRON[4007]: nss_ldap: reconnecting to LDAP server...
Sep  1 09:12:01 isa CRON[4008]: nss_ldap: reconnected to LDAP server 
ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
Sep  1 09:12:01 isa CRON[4007]: nss_ldap: reconnected to LDAP server 
ldapi://%2fvar%run%2fslapd%2fldapi after 1 attempt
Sep  1 09:12:01 isa CRON[4008]: pam_unix(cron:session): session opened 
for user root by (uid=0)
Sep  1 09:12:01 isa CRON[4007]: pam_unix(cron:session): session opened 
for user root by (uid=0)
Sep  1 09:12:01 isa sudo:     root : TTY=unknown ; PWD=/root ; 
USER=kasop ; COMMAND=/usr/bin/php 
/RBL-data/www/RoboSYS/libs/kpmot/robosys-percenkent.php
Sep  1 09:12:01 isa sudo: pam_unix(sudo:session): session opened for 
user kasop by (uid=0)
Sep  1 09:12:01 isa CRON[4008]: pam_unix(cron:session): session closed 
for user root
Sep  1 09:12:01 isa sudo: pam_unix(sudo:session): session closed for 
user kasop
Sep  1 09:12:01 isa CRON[4007]: pam_unix(cron:session): session closed 
for user root

Sep  1 09:12:15 isa auth: pam_unix(dovecot:auth): authentication 
failure; logname= uid=0 euid=0 tty=dovecot ruser=kasop rhost=::1  
user=kasop
Sep  1 09:12:15 isa auth: pam_ldap(dovecot:auth): nslcd authentication; 
user=kasop
Sep  1 09:12:15 isa auth: pam_ldap(dovecot:auth): authentication 
succeeded

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/