This bug is really an interaction between vixie-cron, openldap, and
nss_ldap. It also applies to all previous versions of RHL with these
packages; I'm filing it against Rawhide because I upgraded to the latest
packages to make sure the bug wasn't already fixed.
By default, crond is started at boot before the LDAP servers are. If LDAP
is being used for passwd information (via nss_ldap), this means that when
crond is started, user information is unavailable. When this happens,
those users' crontabs are ignored, and the following lines show up in the
foo (02/09-14:54:20-439) ORPHAN (no passwd entry)
bar (02/09-14:54:20-439) ORPHAN (no passwd entry)
bat (02/09-14:54:20-439) ORPHAN (no passwd entry)
("foo", "bar", and "bat" are hypothetical usernames). After this, no cron
jobs owned by these users are run, even after the LDAP server starts. If
cron is "kicked" (by someone installing a new crontab, or restarting the
daemon, or whatever), then it will start executing users' crontabs again.
I imagine this might apply to the use of NIS or other such lookup systems
I can think of three fixes, in increasing order of difficulty and
1. After booting and starting LDAP servers, make sure to kick cron somehow.
2. Change the startup order of cron and LDAP. (But are there other
dependencies? All this stuff is in some order, presumably for a reason,
but there aren't exactly any comments as to why, or what would break if
the order were changed. A dependency system would be so much better
than simple numeric priority, but that's another issue...)
3. Modify cron so that instead of looking up the user when a file is read
in ("early binding"), it looks up the user when it's about to run a job
("late binding"). I haven't looked at that part of cron's code, I have
no idea how hard this would be. Vixie-cron seems to be a little messy
in general, so I'm not sure if it's a good idea to go messing with it.
Fixed in openldap-1.2.9-5, in next rawhide release.