Stephen Frost wrote:
> * Steinar H. Gunderson ([EMAIL PROTECTED]) wrote:
>> On Tue, Oct 03, 2006 at 11:28:34PM -0700, Steve Langasek wrote:
>>> Can we just fix libnss-ldap already to use a sensible default bind policy,
>>> please?
>> Sure, I could do that (removing the boot-time workarounds), assuming the
>> maintainer doesn't object...
> I've already said, a few times now, what I'd prefer as the solution. I
> also haven't heard any reason why it's not a reasonable solution.
> Please, try reducing the timeouts such that it's sleeping (at most) 2s
> per NSS call (assuming a failure to connect to the servers) and see how
> that affects booting. I don't expect that it would be too bad but I'm
> not sure which is why I'd like to have it tested. CosmicRay on IRC was
> already doing some of this testing for me so you might try checking with
> him on what he discovered. I'm out of town and when I've been on he

I've tried it.
During boot udevd attempts to resolve a few groups (group scanner, group
scanner, group scanner, group nvram, user tss, group tss, group fuse,
group rdma, group rdma), as far as I understand the logs. Those fail.
This test was on an amd64 system (the original one I reported it on was
i386).
Udevd attempts to resolve 9 items. These are the logs of one such attempt:
INIT: version 2.86 booting
touch: cannot touch `/lib/init/rw/libnss-ldap.bind_policy_soft': No such
file or directory
Starting the hotplug events dispatcher: udevdudevd[882]: nss_ldap: could
not connect to any LDAP server as
cn=admin,dc=janevert,dc=homelinux,dc=org - Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server
ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: could not connect to any LDAP server as
cn=admin,dc=janevert,dc=homelinux,dc=org - Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server
ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
udevd[882]: nss_ldap: could not connect to any LDAP server as
cn=admin,dc=janevert,dc=homelinux,dc=org - Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server
ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
udevd[882]: nss_ldap: could not connect to any LDAP server as
cn=admin,dc=janevert,dc=homelinux,dc=org - Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server
ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
udevd[882]: nss_ldap: could not connect to any LDAP server as
cn=admin,dc=janevert,dc=homelinux,dc=org - Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server
ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
udevd[882]: nss_ldap: could not connect to any LDAP server as
cn=admin,dc=janevert,dc=homelinux,dc=org - Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server
ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
udevd[882]: nss_ldap: could not connect to any LDAP server as
cn=admin,dc=janevert,dc=homelinux,dc=org - Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server
ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: could not search LDAP server - Server is unavailable
udevd[882]: lookup_group: error resolving group 'scanner': Illegal seek
---------------- end of log -----------------
So this results in a delay of some 204 seconds per item. For a total of
about 1800 seconds, or about 30 minutes.
And this test is even with the ldap server being present. So after
configuring the network things work smoothly.
I've tried changing the bind_timelimit and the timelimit in
/etc/libnss-ldap.conf. Both have no influence on the behaviour.
So either those do not apply to the tcp connection or this configuration
file is not used. Might it be that the initrd filesystem is still in use?
In nsswitch.conf I have 'files ldap' for passwd, group and shadow. So
had those been present in the files, these wouldn't have been searched
in ldap.
This means that any system using ldap might run into those delays?
-- Jan Evert
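
Added example, not part of the original message or of nss_ldap/udev: a small Python parser that totals the logged reconnect sleeps and failed binds per process from boot messages like the ones quoted above. The function name, the regular expressions and the rejoined sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the udevd[882] messages from the boot log above, with
# wrapped lines rejoined and the repeated "could not connect" lines omitted.
SAMPLE_LOG = """\
udevd[882]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
udevd[882]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
udevd[882]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 16 seconds)...
udevd[882]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
udevd[882]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: reconnecting to LDAP server (sleeping 64 seconds)...
udevd[882]: nss_ldap: failed to bind to LDAP server ldap://192.168.1.106: Can't contact LDAP server
udevd[882]: nss_ldap: could not search LDAP server - Server is unavailable
udevd[882]: lookup_group: error resolving group 'scanner': Illegal seek
"""

LINE = re.compile(r"^(?P<proc>[\w.-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
SLEEP = re.compile(r"nss_ldap: reconnecting to LDAP server \(sleeping (\d+) seconds\)")
BIND_FAIL = re.compile(r"nss_ldap: failed to bind to LDAP server (\S+):")
# Only the lookup_group form appears in the log; other lookup_* kinds are assumed.
LOOKUP_FAIL = re.compile(r"lookup_(\w+): error resolving \w+ '([^']+)'")

def summarize(log_text):
    """Per (process, pid): failed binds, logged backoff seconds, failed lookups."""
    stats = defaultdict(lambda: {"bind_failures": 0, "sleep_seconds": 0,
                                 "servers": set(), "failed_lookups": []})
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # not a "proc[pid]: message" line
        entry = stats[(m["proc"], int(m["pid"]))]
        if (s := SLEEP.search(m["msg"])):
            entry["sleep_seconds"] += int(s.group(1))
        elif (b := BIND_FAIL.search(m["msg"])):
            entry["bind_failures"] += 1
            entry["servers"].add(b.group(1))
        elif (f := LOOKUP_FAIL.search(m["msg"])):
            entry["failed_lookups"].append((f.group(1), f.group(2)))
    return dict(stats)
```

The sleep total covers only the backoff intervals that nss_ldap logs; time spent waiting on each connection attempt does not appear in the log and is not counted.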