From Bugzilla Helper: User-Agent: Mozilla/4.77 [en] (X11; U; Linux 2.2.19-1t i686) I use LDAP for User information, mounts and everything else. I use the nss_ldap switch to get the information from a central ldap server and I use secure LDAPv3 connections. If you do so, you can't cleanly shutdown, because the last running bash (which shuts the system down) has the following files mapped: (this is from a RH 6.2 system with enhancements but applies the same to RH 7.1) startx 22825 henning cwd DIR 0,6 16384 250 /mnt/home.net/henning (shirley:/mnt/raid1/home/henning) startx 22825 henning rtd DIR 3,5 4096 2 / startx 22825 henning txt REG 3,5 310640 87892 /bin/bash startx 22825 henning mem REG 3,5 340771 46284 /lib/ld-2.1.3.so startx 22825 henning mem REG 3,5 12224 43938 /lib/libtermcap.so.2.0.8 startx 22825 henning mem REG 3,5 4101836 46339 /lib/libc-2.1.3.so startx 22825 henning mem REG 3,5 246652 46347 /lib/libnss_files-2.1.3.so startx 22825 henning mem REG 3,5 58060 46269 /lib/libnss_ldap-2.1.3.so startx 22825 henning mem REG 3,5 183752 46275 /lib/libldap.so.2.0.5 startx 22825 henning mem REG 3,5 44550 46272 /lib/liblber.so.2.0.5 startx 22825 henning mem REG 3,5 370141 46345 /lib/libnsl-2.1.3.so startx 22825 henning mem REG 3,5 169720 46349 /lib/libresolv-2.1.3.so startx 22825 henning mem REG 3,5 202847 46337 /usr/lib/libssl.so.0.9.6 startx 22825 henning mem REG 3,5 897407 46336 /usr/lib/libcrypto.so.0.9.6 startx 22825 henning mem REG 3,5 75131 46343 /lib/libdl-2.1.3.so note libssl and libcrypto. When shutting down, the /usr filesystem stays busy if /usr is on a different FS than the root FS. So the machine does not shut down. Reproducible: Always Steps to Reproduce: 0. use LDAP for user information. Use secure LDAPv3 to query your server. 1. go to single user mode. 2. look at the pid of the initial shell 3. do "lsof -p <pid>" 4. look at the mapped libraries. libssl and libcrypto come from the /usr fs Actual Results: shutdown says "/usr busy", machine hangs, hard reboot needed, sometimes FS corruption occurs. reboot needs fsck of /usr Expected Results: machine should unmount /usr, remount / read-only and reboot moving the libssl and libcrypto to /lib makes this working.
This doesn't really solve the problem, since depending on how OpenLDAP was built, you may need SASL modules which live in /usr/lib/sasl, but I'll move them in openssl-0.9.6a-7 and later.