Bug 213608 - System fails to boot when LDAP Authentication is enabled
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: openldap
Version: 6
Hardware: All
OS: Linux
medium
high
Target Milestone: ---
Assignee: Jay Fenlason
Reported: 2006-11-02 09:59 UTC by Duncan Innes
Modified: 2014-08-31 23:28 UTC (History)

Doc Type: Bug Fix
Last Closed: 2006-11-03 19:04:12 UTC


Attachments
/etc/ldap.conf (1.00 KB, text/plain)
2006-11-03 10:43 UTC, Duncan Innes
/etc/openldap/ldap.conf (399 bytes, text/plain)
2006-11-03 10:44 UTC, Duncan Innes

Description Duncan Innes 2006-11-02 09:59:36 UTC
Description of problem: When LDAP Authentication is enabled, the system fails to
boot past the System Message Bus.  It hangs completely at this point.


Version-Release number of selected component (if applicable): 2.3.27


How reproducible: Every time


Steps to Reproduce:
1. Install clean FC6 (system works perfectly)
2. Install various extras (nvidia drivers, Compiz etc - or none at all)
3. Configure LDAP Authentication
  
Actual results: System will not boot past System Message Bus


Expected results: System to boot fully without problem


Additional info: The boot issue can be fixed by booting into single user mode
and completely removing the LDAP configuration.  This doesn't solve the problem,
but does allow us to boot the machine and use it.

Comment 1 Jay Fenlason 2006-11-02 22:56:26 UTC
WORKSFORME when I pointed a fresh FC6 install at an ldap server by using the 
"create network login" screen in firstboot.  It came up, I logged in and 
confirmed that I could see the LDAP users via getent.  I rebooted, and the 
machine came back up flawlessly. 
 
Can you attach the /etc/ldap.conf you were using when it hung?  And provide 
some more details about your LDAP server so I can try to reproduce this? 

Comment 2 Duncan Innes 2006-11-03 10:35:50 UTC
The installation for LDAP is following the guidelines that we found worked (of
sorts) on an RHEL 5 beta workstation:

Run this command:
        authconfig --useshadow --enablemd5 --enablecache --enableldap \
            --enableldapauth --ldapserver='lonldap2 houldap2' \
            --ldapbasedn='dc=aac,dc=anadarko,dc=com' --enablelocauthorize --update

Then grab these files off lon684:

/etc/ldap.conf 
/etc/openldap/ldap.conf 
/etc/pam.d/system-auth 
/etc/auto.master 
/usr/local/anadarko/auto_home.pl 
/usr/local/anadarko/auto.misc.pl

Run /etc/init.d/autofs restart

And you should be able to get a listing of /misc/oasis with names/groups
resolved… watch if you have created local home directories or added a manual
mount of home as these will probably disappear under the auto mounter…

The new autofs doesn't appear when you run mount… but it does appear in /proc/mounts

Comment 3 Duncan Innes 2006-11-03 10:43:46 UTC
Created attachment 140228
/etc/ldap.conf

Comment 4 Duncan Innes 2006-11-03 10:44:21 UTC
Created attachment 140229
/etc/openldap/ldap.conf

Comment 5 Duncan Innes 2006-11-03 10:48:52 UTC
Have attached the two ldap.conf files for now.  Changing some sensitive
information where necessary.

Will attach other files if you feel them necessary.

Duncan Innes

Comment 6 Jay Fenlason 2006-11-03 19:04:12 UTC
That /etc/ldap.conf was not created by system-config-authentication or
firstboot.  It is missing the critical line

    nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
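
A check for the condition Comment 6 identifies, as an added example that is not part of the original bug thread: the shell functions below report which of the accounts listed in that comment are not covered by an nss_initgroups_ignoreusers line in a given ldap.conf. The function names are hypothetical, and treating repeated directives as a union is an assumption of this example.

```shell
#!/bin/sh
# Added example (not from the bug thread): audit an ldap.conf for the
# nss_initgroups_ignoreusers directive named in Comment 6.
# REQUIRED_USERS is the account list quoted in that comment.
REQUIRED_USERS="root ldap named avahi haldaemon"

# Print, space-separated, the accounts from REQUIRED_USERS that no
# uncommented nss_initgroups_ignoreusers line in file $1 covers.
# Prints an empty line when all are covered; returns 2 if $1 is unreadable.
missing_ignoreusers() {
    conf=$1
    [ -r "$conf" ] || return 2
    # Gather the comma-separated values of every active directive line.
    # Assumption: several such lines are treated as a union.
    listed=$(awk '
        /^[ \t]*#/ { next }
        $1 == "nss_initgroups_ignoreusers" {
            for (i = 2; i <= NF; i++) printf "%s,", $i
        }' "$conf" | tr ',' ' ')
    missing=""
    for user in $REQUIRED_USERS; do
        found=no
        for have in $listed; do
            if [ "$have" = "$user" ]; then found=yes; fi
        done
        if [ "$found" = no ]; then missing="$missing $user"; fi
    done
    echo "${missing# }"
}

# Return 0 when the file covers every required account, 1 when some are
# missing (they are named on stderr), 2 when the file cannot be read.
check_ldap_conf() {
    m=$(missing_ignoreusers "$1") || return 2
    if [ -n "$m" ]; then
        echo "$1: nss_initgroups_ignoreusers is missing: $m" >&2
        return 1
    fi
    echo "$1: nss_initgroups_ignoreusers covers all required accounts"
}

# When run as a script with a path argument, check that file,
# e.g. sh check_ldap_conf.sh /etc/ldap.conf
if [ $# -gt 0 ]; then
    check_ldap_conf "$1"
fi
```
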