Bug 466526 - If GDM cannot contact an LDAP server as per system-config-authentication, it takes _FOREVER_ to give you the login screen
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss_ldap
Version: 5.3
Hardware: All
OS: Linux
medium
medium
Target Milestone: rc
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE
Reported: 2008-10-10 18:42 UTC by Suzanne Hillman
Modified: 2009-01-20 22:14 UTC (History)

Fixed In Version: 253-16.el5
Doc Type: Bug Fix
Last Closed: 2009-01-20 22:14:28 UTC


Attachments
messages file from the machine that had this problem (161.36 KB, text/plain)
2008-10-10 18:42 UTC, Suzanne Hillman
chkconfig --list output (3.98 KB, text/plain)
2008-10-15 14:40 UTC, Suzanne Hillman
rpm -qa output (30.75 KB, text/plain)
2008-10-15 14:41 UTC, Suzanne Hillman


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:0241 0 normal SHIPPED_LIVE nss_ldap bug fix update 2009-01-20 16:06:42 UTC

Description Suzanne Hillman 2008-10-10 18:42:46 UTC
Created attachment 320047
messages file from the machine that had this problem

Description of problem:
If GDM cannot contact an LDAP server as per system-config-authentication, it takes _FOREVER_ to give you the login screen.

Version-Release number of selected component (if applicable):
pkinit-nss-0.7.6-1.el5
gdm-2.16.0-46.el5

How reproducible:
Always, I think

Steps to Reproduce:
1. Set up LDAP in both tabs in system-config-authentication, but mistype the server name. Hit ok to save it.
2. Reboot
  
Actual results:
Very long time before GDM gives you a login screen.

Expected results:
Pretty much instant, like it usually is.

Additional info:
No clue if this is a regression.

from /var/log/messages (also attached):

Oct 10 10:23:36 dhcp-100-2-179 gdm[2966]: nss_ldap: failed to bind to LDAP server ldap://cs.boston.devel.redhat.com/: Can't contact LDAP server
Oct 10 10:23:36 dhcp-100-2-179 gdm[2966]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 10 10:23:40 dhcp-100-2-179 xfs: nss_ldap: failed to bind to LDAP server ldap://cs.boston.devel.redhat.com/: Can't contact LDAP server
Oct 10 10:23:40 dhcp-100-2-179 xfs: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
[...]
Oct 10 10:27:56 dhcp-100-2-179 gdm[2925]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Oct 10 10:27:56 dhcp-100-2-179 gdm[2925]: Couldn't set acct. mgmt for testing


(note: 'testing' may be a user, as there is a local user called 'testing')

Comment 1 Suzanne Hillman 2008-10-14 17:34:55 UTC
This seems to have additional nastiness, as in every access which needs a username in gdm takes absurd amounts of time (logins, mostly).

This makes a machine largely unusable.

Comment 2 Suzanne Hillman 2008-10-14 18:00:02 UTC
Ok, comment #1 only happens if the LDAP server is down, so can be ignored. The gdm taking forever to start initially part, though, _REALLY_ needs to be fixed.

Comment 5 Nalin Dahyabhai 2008-10-14 22:17:46 UTC
(In reply to comment #2)
> The gdm taking forever to start initially part, though, _REALLY_ needs to be
> fixed.

I'm having trouble reproducing this with today's tree -- perhaps you're running something I'm not.  Can you attach a list of packages that you have installed, along with the output of 'chkconfig --list'?

Comment 6 Suzanne Hillman 2008-10-15 14:38:16 UTC
This is the tree from 20081006, FWIW.
And Client.

And adding 'gdm' to the line in /etc/ldap.conf about nss_initgroups_ignoreusers fixes the problem.

Will attach that data soon.
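
A check built on the workaround in comment 6, added here as an example and not part of the bug report or of nss_ldap: it lists the local system accounts in a passwd file that are not named in nss_initgroups_ignoreusers in a given ldap.conf. The function name, the treatment of UIDs below 500 as system accounts, and the merging of repeated option lines are assumptions.

```shell
#!/bin/sh
# Added example (not from the bug report): report local system accounts
# that are missing from nss_initgroups_ignoreusers, i.e. accounts whose
# initgroups() call is not short-circuited by nss_ldap.
#
# Usage: missing_ignoreusers LDAP_CONF PASSWD_FILE [UID_LIMIT]
missing_ignoreusers() {
    conf=$1
    passwd=$2
    limit=${3:-500}   # assumption: UIDs below this are system accounts

    # Extract the comma-separated user list. Commented-out lines do not
    # match because their first field is not the bare option name. If the
    # option appears more than once the values are merged (a simplification).
    ignored=$(awk 'tolower($1) == "nss_initgroups_ignoreusers" {
                       $1 = ""; gsub(/[ \t]/, ""); printf "%s,", $0
                   }' "$conf")

    awk -F: -v limit="$limit" -v ignored="$ignored" '
        BEGIN {
            n = split(ignored, names, ",")
            for (i = 1; i <= n; i++)
                if (names[i] != "") skip[names[i]] = 1
        }
        /^#/ || NF < 3 { next }     # comments and malformed lines
        $1 ~ /^[+-]/   { next }     # NIS compat entries
        ($3 + 0) < (limit + 0) && !($1 in skip) { print $1 }
    ' "$passwd"
}

# Run directly: sh check.sh /etc/ldap.conf /etc/passwd
if [ "$#" -ge 2 ]; then
    missing_ignoreusers "$@"
fi
```

Any account it prints that runs during boot or at the login screen, as gdm and xfs do in the log above, is a candidate for the ignore list.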

Comment 8 Suzanne Hillman 2008-10-15 14:40:29 UTC
Created attachment 320439
chkconfig --list output

Comment 9 Suzanne Hillman 2008-10-15 14:41:22 UTC
Created attachment 320440
rpm -qa output

Comment 13 errata-xmlrpc 2009-01-20 22:14:28 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0241.html

