FS#33672 - [nss_ldap] systemd incorrectly handles nss_ldap (based on nsswitch.conf) -> freeze on bootup

Attached to Project: Arch Linux
Opened by Marek Kozlowski (guayasil) - Friday, 01 February 2013, 19:21 GMT
Last edited by Dave Reisner (falconindy) - Wednesday, 22 May 2013, 15:35 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jan de Groot (JGC)
Dave Reisner (falconindy)
Tom Gundersen (tomegun)
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

I have nss_ldap installed. With initscripts everything works fine. With systemd a 5 min. freeze occurs on system startup. I found that the reason is caused by the entries in /etc/nsswitch.conf :
------------------
passwd: files ldap
group: files ldap
shadow: files ldap
------------------
For absolutely unknown reason systemd tries to contact nss_ldap server at the beginning of system initialization (before the network, that is netcfg/ethernet-dhcp is fully functional) and subsequent timeouts occur. If I remove the `ldap' entries system boots up immediately. Unfortunately I need both: the fully functional system and nss_ldap (unfortunately: critical to my system).
This task depends upon

Closed by  Dave Reisner (falconindy)
Wednesday, 22 May 2013, 15:35 GMT
Reason for closing:  Upstream
Additional comments about closing:  Well known bug, probably won't be fixed upstream. Use nss-pam-ldapd instead.
Comment by Dave Reisner (falconindy) - Friday, 01 February 2013, 19:47 GMT
Could you add 'After=network.target' to systemd-tmpfiles-setup.service?

systemd isn't really doing anything wrong here, it's just a problem of ordering.
Comment by Marek Kozlowski (guayasil) - Friday, 01 February 2013, 20:40 GMT
Adding 'After=network.target' to systemd-tmpfiles-setup.service gives no change :-(
Comment by Dave Reisner (falconindy) - Friday, 01 February 2013, 20:47 GMT
You'll need to figure out what it is isn't ordered properly. Until then, there's nothing we can fix.
Comment by Marek Kozlowski (guayasil) - Friday, 01 February 2013, 20:50 GMT
The problem is: as for me there is no reason anything should try to contact LDAP service during bootup. `files' precedes `ldap'. There is no need for using LDAP cause all system information is in local files...
Comment by Dave Reisner (falconindy) - Friday, 01 February 2013, 20:54 GMT
Right, but systemd itself doesn't read this /etc/nsswitch.conf. It's just using the glibc functions which, in turn, use nss.
Comment by Marek Kozlowski (guayasil) - Friday, 01 February 2013, 20:57 GMT
Yes but AFAIK if needed information is in the first entry (files) it should not check the second one (LDAP).
BTW: is there any way to trace / analyze what / when exactly runs it? If have a very limited knowledge on analyzing systemd..
Comment by Marek Kozlowski (guayasil) - Friday, 01 February 2013, 21:04 GMT
The problem is directly preceded by the line (journalctl):
Feb 01 21:32:59 localhost systemd-modules-load[180]: Inserted module 'nfs'
Does it help?
Comment by Dave Reisner (falconindy) - Friday, 01 February 2013, 21:38 GMT
It's a journal entry about the nfs module being loaded. What does that have to do with userspace name resolution?
Comment by Marek Kozlowski (guayasil) - Friday, 01 February 2013, 21:40 GMT
This journalctl entry directly precedes messages about nss_ldap errors.
Comment by Dave Reisner (falconindy) - Friday, 01 February 2013, 21:51 GMT
I think you need a stronger correlation to show any causation...
Comment by Marek Kozlowski (guayasil) - Sunday, 03 February 2013, 20:59 GMT
By tests I've just figured out the the problem concerns `group: files ldap'. For `passwd' and `shadow' this entry (ldap) does no harm.
Comment by Marek Kozlowski (guayasil) - Saturday, 09 February 2013, 12:41 GMT
https://bugzilla.redhat.com/show_bug.cgi?id=502072
http://forums.opensuse.org/english/get-technical-help-here/network-internet/474413-nss_ldap-attempts-reach-ldap-before-rcnetwork-starts.html
Seems to be a well known bug. A critical one to people using nss_ldap and systemd. The solution for opensuse it no to use systemd. Arch users don't have such option :-(

Loading...