Bug 466526 - If GDM cannot contact an LDAP server as per system-config-authentication, it takes _FOREVER_ to give you the login screen
If GDM cannot contact an LDAP server as per system-config-authentication, it ...
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss_ldap (Show other bugs)
5.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Nalin Dahyabhai
BaseOS QE
: Desktop
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-10-10 14:42 EDT by Suzanne Hillman
Modified: 2009-01-20 17:14 EST (History)
2 users (show)

See Also:
Fixed In Version: 253-16.el5
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-01-20 17:14:28 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
messages file from the machine that had this problem (161.36 KB, text/plain)
2008-10-10 14:42 EDT, Suzanne Hillman
no flags Details
chkconfig --list output (3.98 KB, text/plain)
2008-10-15 10:40 EDT, Suzanne Hillman
no flags Details
rpm -qa output (30.75 KB, text/plain)
2008-10-15 10:41 EDT, Suzanne Hillman
no flags Details

  None (edit)
Description Suzanne Hillman 2008-10-10 14:42:46 EDT
Created attachment 320047 [details]
messages file from the machine that had this problem

Description of problem:
If GDM cannot contact an LDAP server as per system-config-authentication, it takes _FOREVER_ to give you the login screen.

Version-Release number of selected component (if applicable):
pkinit-nss-0.7.6-1.el5
gdm-2.16.0-46.el5

How reproducible:
Always, I think

Steps to Reproduce:
1. Set up LDAP in both tabs in system-config-authentication, but mistype the server name. Hit ok to save it.
2. Reboot
  
Actual results:
Very long time before GDM gives you a login screen.

Expected results:
Pretty much instant, like it usually is.

Additional info:
No clue if this is a regression.

from /var/log/messages (also attached):

Oct 10 10:23:36 dhcp-100-2-179 gdm[2966]: nss_ldap: failed to bind to LDAP server ldap://cs.boston.devel.redhat.com/: Can't contact LDAP server
Oct 10 10:23:36 dhcp-100-2-179 gdm[2966]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Oct 10 10:23:40 dhcp-100-2-179 xfs: nss_ldap: failed to bind to LDAP server ldap://cs.boston.devel.redhat.com/: Can't contact LDAP server
Oct 10 10:23:40 dhcp-100-2-179 xfs: nss_ldap: reconnecting to LDAP server (sleeping 32 seconds)...
[...]
Oct 10 10:27:56 dhcp-100-2-179 gdm[2925]: pam_ldap: ldap_simple_bind Can't contact LDAP server
Oct 10 10:27:56 dhcp-100-2-179 gdm[2925]: Couldn't set acct. mgmt for testing


(note: 'testing' may be a user, as there is a local user called 'testing')
Comment 1 Suzanne Hillman 2008-10-14 13:34:55 EDT
This seems to have additional nastiness, as in every access which needs a username in gdm takes absurd amounts of time (logins, mostly).

This makes a machine largely unusable.
Comment 2 Suzanne Hillman 2008-10-14 14:00:02 EDT
Ok, comment #1 only happens if the LDAP server is down, so can be ignored. The gdm taking forever to start initially part, though, _REALLY_ needs to be fixed.
Comment 5 Nalin Dahyabhai 2008-10-14 18:17:46 EDT
(In reply to comment #2)
> The gdm taking forever to start initially part, though, _REALLY_ needs to be
> fixed.

I'm having trouble reproducing this with today's tree -- perhaps you're running something I'm not.  Can you attach a list of packages that you have installed, along with the output of 'chkconfig --list'?
Comment 6 Suzanne Hillman 2008-10-15 10:38:16 EDT
This is the tree from 20081006, FWIW.
And Client.

And adding 'gdm' to the line in /etc/ldap.conf about nss_initgroups_ignoreusers fixes the problem.

Will attach that data soon.
Comment 8 Suzanne Hillman 2008-10-15 10:40:29 EDT
Created attachment 320439 [details]
chkconfig --list output
Comment 9 Suzanne Hillman 2008-10-15 10:41:22 EDT
Created attachment 320440 [details]
rpm -qa output
Comment 13 errata-xmlrpc 2009-01-20 17:14:28 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0241.html

Note You need to log in before you can comment on or make changes to this bug.