nslcd failures during boot-up

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Dustin Makepeace <Dustin.Makepeace [at] plansource.com>
To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
Subject: nslcd failures during boot-up
Date: Mon, 17 Jul 2017 16:36:54 +0000

Hello all,

I am seeing frequent issues with nslcd starting up on boot-up on a Salt server installation at my job. We have lots of servers running nslcd and only this one instance appears to be having this problem more often than not. Out of the last 4 reboots, nslcd failed to start up three of those times.

OS: Ubuntu 14.04.5

Kernel: 4.4.0-83-generic

NSLCD Vers: 0.8.13

Syslog output

Jul 17 16:10:07 ps-saltmaster nslcd[1509]: version 0.8.13 starting

Jul 17 16:10:12 ps-saltmaster nslcd[1509]: accepting connections

Jul 17 16:10:12 ps-saltmaster nslcd[1509]: Libgcrypt notice: state transition Power-On => Fatal-Error

Jul 17 16:10:12 ps-saltmaster nslcd[1509]: Libgcrypt error: fatal error in file visibility.c, line 1283, function gcry_create_nonce: called in non-operational state

Jul 17 16:10:12 ps-saltmaster nslcd[1509]: Libgcrypt terminated the application

I have applied all available repo updates as of today and the problem still persist.

I also found this bug reported to Ubuntu: https://bugs.launchpad.net/ubuntu/+source/nss-pam-ldapd/+bug/1029656

For reference, here is my nslcd.conf

uid nslcd

gid nslcd

idle_timelimit 180

bind_timelimit 25

uri ldaps://ds-pdc.domain.local/

uri ldaps://ds-pdc01.domain.local/

base dc=domain,dc=local

ldap_version 3

binddn CN=ldap,OU=Service Accounts,OU=IT,DC=domain,DC=local

bindpw .........

ssl on

tls_reqcert never

referrals no

nss_initgroups_ignoreusers ALLLOCAL

filter passwd (&(&(objectClass=person)(uidNumber=*)))

map passwd uid sAMAccountName

map passwd homeDirectory unixHomeDirectory

map passwd gecos displayName

filter shadow (&(&(objectClass=person)(uidNumber=*)))

map shadow uid sAMAccountName

map shadow shadowLastChange pwdLastSet

filter group (&(objectClass=group)(gidNumber=*))

I am not a developer, just a sys admin. Any help/direction you can provide is much appreciated.

Thanks

Dustin Makepeace / DevOps Engineer

This email may contain confidential or protected material for the sole use of the intended recipient(s). Any review, use, distribution or disclosure by others is strictly prohibited. If you are not the intended recipient (or authorized to receive for the recipient), please contact the sender by reply email and delete all copies of this message.

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/

nslcd failures during boot-up, Dustin Makepeace

Prev by Date: Re: Weird error
Next by Date: adding FreeBSD LOGIN_CLASS(3) support to nss-pam-ldapd
Previous by thread: Re: Weird error
Next by thread: adding FreeBSD LOGIN_CLASS(3) support to nss-pam-ldapd