Bug 213608 - System fails to boot when LDAP Authentication is enabled
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: openldap
Version: 6
Hardware/OS: All Linux
Priority: medium
Severity: high
Assigned To: Jay Fenlason
Reported: 2006-11-02 04:59 EST by Duncan Innes
Modified: 2014-08-31 19:28 EDT
Last Closed: 2006-11-03 14:04:12 EST
Attachments
/etc/ldap.conf (1.00 KB, text/plain), 2006-11-03 05:43 EST, Duncan Innes
/etc/openldap/ldap.conf (399 bytes, text/plain), 2006-11-03 05:44 EST, Duncan Innes

Description Duncan Innes 2006-11-02 04:59:36 EST
Description of problem: When LDAP Authentication is enabled, the system fails to
boot past the System Message Bus.  It hangs completely at this point.


Version-Release number of selected component (if applicable): 2.3.27


How reproducible: Every time


Steps to Reproduce:
1. Install clean FC6 (system works perfectly)
2. Install various extras (nvidia drivers, Compiz etc - or none at all)
3. Configure LDAP Authentication
  
Actual results: System will not boot past System Message Bus


Expected results: System to boot fully without problem


Additional info: The boot issue can be fixed by booting into single user mode
and completely removing the LDAP configuration.  This doesn't solve the problem,
but does allow us to boot the machine and use it.
Comment 1 Jay Fenlason 2006-11-02 17:56:26 EST
WORKSFORME when I pointed a fresh FC6 install at an ldap server by using the 
"create network login" screen in firstboot.  It came up, I logged in and 
confirmed that I could see the LDAP users via getent.  I rebooted, and the 
machine came back up flawlessly. 
 
Can you attach the /etc/ldap.conf you were using when it hung?  And provide 
some more details about your LDAP server so I can try to reproduce this? 
Comment 2 Duncan Innes 2006-11-03 05:35:50 EST
The installation for LDAP is following the guidelines that we found worked (of
sorts) on an RHEL 5 beta workstation:

Run this command:
        authconfig --useshadow --enablemd5 --enablecache --enableldap \
            --enableldapauth --ldapserver='lonldap2 houldap2' \
            --ldapbasedn='dc=aac,dc=anadarko,dc=com' --enablelocauthorize --update

Then grab these files off lon684:

/etc/ldap.conf 
/etc/openldap/ldap.conf 
/etc/pam.d/system-auth 
/etc/auto.master 
/usr/local/anadarko/auto_home.pl 
/usr/local/anadarko/auto.misc.pl

Run /etc/init.d/autofs restart

And you should be able to get a listing of /misc/oasis with names/groups
resolved… watch if you have created local home directories or added a manual
mount of home as these will probably disappear under the auto mounter…

The new autofs doesn't appear when you run mount… but it does appear in /proc/mounts
Comment 3 Duncan Innes 2006-11-03 05:43:46 EST
Created attachment 140228
/etc/ldap.conf
Comment 4 Duncan Innes 2006-11-03 05:44:21 EST
Created attachment 140229
/etc/openldap/ldap.conf
Comment 5 Duncan Innes 2006-11-03 05:48:52 EST
Have attached the two ldap.conf files for now.  Changing some sensitive
information where necessary.

Will attach other files if you feel them necessary.

Duncan Innes
Comment 6 Jay Fenlason 2006-11-03 14:04:12 EST
That /etc/ldap.conf was not created by system-config-authentication or 
firstboot.  It is missing the critical line 
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon 
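
The check implied by comment 6, as an added example that is not part of the bug report or of nss_ldap: a shell function that reports which accounts from the quoted nss_initgroups_ignoreusers line are absent from a given ldap.conf. The sample files and their hostnames are constructed, and treating repeated directives as merged is an assumption.

```shell
# Added example: check an ldap.conf for the line quoted in comment 6.

# Accounts listed on the line quoted in comment 6.
REQUIRED_USERS="root ldap named avahi haldaemon"

# Print one user per line from every active nss_initgroups_ignoreusers
# directive. Commented-out lines never match because awk compares the
# first field exactly. Assumption: several directives are merged.
ignored_users() {
    awk '$1 == "nss_initgroups_ignoreusers" {
             for (i = 2; i <= NF; i++) print $i
         }' "$1" | tr ',' '\n' | sed '/^$/d'
}

# Print the required accounts missing from the ignore list.
# Returns 0 when all are covered, 1 when any is missing, 2 on read error.
missing_ignoreusers() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    have=$(ignored_users "$1")
    missing=""
    for u in $REQUIRED_USERS; do
        printf '%s\n' "$have" | grep -qxF -- "$u" || missing="$missing $u"
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Constructed sample files: a hand-edited config without the directive
# (hostnames are placeholders) and one that carries the line from comment 6.
write_samples() {
    printf '%s\n' 'host ldap1.example.com ldap2.example.com' \
        'base dc=example,dc=com' \
        '#nss_initgroups_ignoreusers root,ldap' > "$1/handmade.conf"
    printf '%s\n' 'host ldap1.example.com ldap2.example.com' \
        'base dc=example,dc=com' \
        'nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon' > "$1/generated.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for f in "$tmp/handmade.conf" "$tmp/generated.conf"; do
    if gaps=$(missing_ignoreusers "$f"); then
        echo "$(basename "$f"): ok"
    else
        echo "$(basename "$f"): missing from nss_initgroups_ignoreusers: $gaps"
    fi
done
rm -rf "$tmp"
```

Point the function at the real /etc/ldap.conf after any hand edit or file copy between hosts, before rebooting.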
 
