Created attachment 320047 [details] messages file from the machine that had this problem Description of problem: If GDM cannot contact an LDAP server as per system-config-authentication, it takes _FOREVER_ to give you the login screen. Version-Release number of selected component (if applicable): pkinit-nss-0.7.6-1.el5 gdm-2.16.0-46.el5 How reproducible: Always, I think Steps to Reproduce: 1. Set up LDAP in both tabs in system-config-authentication, but mistype the server name. Hit ok to save it. 2. Reboot Actual results: Very long time before GDM gives you a login screen. Expected results: Pretty much instant, like it usually is. Additional info: No clue if this is a regression. from /var/log/messages (also attached): Oct 10 10:23:36 dhcp-100-2-179 gdm[2966]: nss_ldap: failed to bind to LDAP server ldap://cs.boston.devel.redhat.com/: Can't contact LDAP server Oct 10 10:23:36 dhcp-100-2-179 gdm[2966]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)... Oct 10 10:23:40 dhcp-100-2-179 xfs: nss_ldap: failed to bind to LDAP server ldap://cs.boston.devel.redhat.com/: Can't contact LDAP server Oct 10 10:23:40 dhcp-100-2-179 xfs: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)... [...] Oct 10 10:27:56 dhcp-100-2-179 gdm[2925]: pam_ldap: ldap_simple_bind Can't contact LDAP server Oct 10 10:27:56 dhcp-100-2-179 gdm[2925]: Couldn't set acct. mgmt for testing (note: 'testing' may be a user, as there is a local user called 'testing')
This seems to have additional nastiness, as in every access which needs a username in gdm takes absurd amounts of time (logins, mostly). This makes a machine largely unusable.
Ok, comment #1 only happens if the LDAP server is down, so can be ignored. The gdm taking forever to start initially part, though, _REALLY_ needs to be fixed.
(In reply to comment #2) > The gdm taking forever to start initially part, though, _REALLY_ needs to be > fixed. I'm having trouble reproducing this with today's tree -- perhaps you're running something I'm not. Can you attach a list of packages that you have installed, along with the output of 'chkconfig --list'?
This is the tree from 20081006, FWIW. And Client. And adding 'gdm' to the line in /etc/ldap.conf about nss_initgroups_ignoreusers fixes the problem. Will attach that data soon.
Created attachment 320439 [details] chkconfig --list output
Created attachment 320440 [details] rpm -qa output
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0241.html