Red Hat Bugzilla – Bug 436307
runuser breaks starting ldap service
Last modified: 2012-06-20 09:29:48 EDT
Description of problem:
Our customer reported that since updating to 4.6 the ldap service cannot be
started. Our investigation showed that /sbin/runuser caused the problem.
Version-Release number of selected component (if applicable):
How reproducible:
Always, when the ldap server is on localhost.
Steps to Reproduce:
1. Create LDAP environment
2. Authenticate against ldap
3. Restart ldap service
Actual results:
Mar 6 10:07:59 XXX runuser: nss_ldap: failed to bind to LDAP server 127.0.0.1: Can't contact LDAP server
Mar 6 10:07:59 XXX runuser: nss_ldap: reconnecting to LDAP server...
Expected results:
A working ldap service.
It seems that runuser ignores authentication settings and tries to find the ldap
user in ldap, even though they are local users. Our solution was putting the ldap and
root users into ldap.conf:
This is not the issue with runuser - works as expected. Changing component to
nss_ldap as possible source of problems.
echo "bind_policy soft" >> /etc/ldap.conf
If you have multiple servers listed in uri or host, this may not necessarily do exactly what you want if the first server fails; in that case, look at the nss_reconnect_tries, nss_reconnect_sleeptime, nss_reconnect_maxsleeptime, nss_reconnect_maxconntries options.
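The failure mode in this bug is a dependency loop: with nss_ldap's default bind_policy (hard), any NSS lookup of a local account blocks and retries while the LDAP server is unreachable, so when the service's own init script runs runuser, the lookup stalls because the server it is trying to start is the one being queried. The script below is an added example, not code from the reporter or from Red Hat; it parses a constructed ldap.conf, reports the effective bind_policy (assuming nss_ldap's documented default of hard when the keyword is absent), flags the localhost-plus-hard combination this bug describes, and lists which of the nss_reconnect_* tuning options from the previous comment are set when more than one server is configured. The sample configurations and the assess() heuristics are assumptions for illustration.

```python
# Added example: audit an nss_ldap ldap.conf for the startup deadlock
# described in this bug. Not part of the bug report or of nss_ldap itself.

# Constructed sample (not the reporter's real file): a localhost server and
# no bind_policy line, i.e. nss_ldap's default of "hard".
SAMPLE_LDAP_CONF_BEFORE = """\
# nss_ldap configuration (constructed sample)
base dc=example,dc=com
uri ldap://127.0.0.1/
ldap_version 3
"""

# The same file after the fix suggested in the thread has been appended.
SAMPLE_LDAP_CONF_AFTER = SAMPLE_LDAP_CONF_BEFORE + "bind_policy soft\n"

# A constructed multi-server variant with one reconnect option tuned.
SAMPLE_LDAP_CONF_MULTI = """\
uri ldap://127.0.0.1/ ldap://ldap2.example.com/
bind_policy soft
nss_reconnect_tries 2
"""

LOCAL_HOSTS = ("127.0.0.1", "localhost", "::1")
RECONNECT_OPTIONS = ("nss_reconnect_tries", "nss_reconnect_sleeptime",
                     "nss_reconnect_maxsleeptime", "nss_reconnect_maxconntries")


def parse_ldap_conf(text):
    """Parse ldap.conf into {keyword: [values...]}.

    Keywords are lower-cased, comment and blank lines are skipped, and a
    keyword that appears more than once accumulates all of its values.
    """
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        settings.setdefault(key, []).append(value)
    return settings


def servers(settings):
    """Return every server named on 'uri' and 'host' lines (space separated)."""
    result = []
    for value in settings.get("uri", []) + settings.get("host", []):
        result.extend(value.split())
    return result


def assess(text):
    """Describe whether this configuration can wedge local service startup."""
    settings = parse_ldap_conf(text)
    srv = servers(settings)
    # Assumption from the nss_ldap documentation: bind_policy defaults to hard.
    # The last occurrence wins, as with most ldap.conf keywords.
    policy = settings.get("bind_policy", ["hard"])[-1].lower()
    uses_local_server = any(any(h in s for h in LOCAL_HOSTS) for s in srv)
    reconnect = {k: settings[k][-1] for k in RECONNECT_OPTIONS if k in settings}
    return {
        "bind_policy": policy,
        "servers": srv,
        # Hard policy against a server on this host: a lookup of a local
        # account during that server's own startup can block indefinitely.
        "startup_deadlock_risk": policy == "hard" and uses_local_server,
        # With several servers, "soft" alone may not behave as wanted when the
        # first one fails; the nss_reconnect_* options govern that case.
        "multiple_servers": len(srv) > 1,
        "reconnect_options": reconnect,
    }


def report(name, text):
    """Print a one-screen summary for a configuration; returns the assessment."""
    a = assess(text)
    print(f"[{name}] bind_policy={a['bind_policy']} servers={a['servers']}")
    if a["startup_deadlock_risk"]:
        print("  risk: hard bind policy against a local server; "
              "consider 'bind_policy soft'")
    if a["multiple_servers"]:
        print(f"  multiple servers; reconnect options set: {a['reconnect_options']}")
    return a


if __name__ == "__main__":
    report("before", SAMPLE_LDAP_CONF_BEFORE)
    report("after", SAMPLE_LDAP_CONF_AFTER)
    report("multi", SAMPLE_LDAP_CONF_MULTI)
```

Run against the real file with report("ldap.conf", open("/etc/ldap.conf").read()); the "before" sample reproduces the reported state, and appending the single bind_policy line clears the flag, which is the whole of the fix given in this thread.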
Thank you for submitting this issue for consideration in Red Hat Enterprise Linux. The release which you requested us to review is now End of Life.
Please see https://access.redhat.com/support/policy/updates/errata/
If you would like Red Hat to re-consider your feature request for an active release, please re-open the request via appropriate support channels and provide additional supporting details about the importance of this issue.