Project

General

Profile

Actions

Bug #6857

closed

local_sync_accounts fails during boot when using ldap on a non-local network or hostname

Added by Pablo Ruiz about 5 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Category:
User Manager / Privileges
Target version:
Start date:
10/15/2016
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
All
Affected Architecture:

Description

Hi,

When using an LDAP server on a non-local (ie. accesible thru a gateway) network, the system takes 10+ minutes to boot, due to errors trying to access ldap during startup:

Oct 16 02:18:35 fw-ext-2 php-cgi: rc.bootup: ERROR! ldap_get_groups() could not bind to server LDAP (SRE).
Oct 16 02:19:37 fw-ext-2 php-cgi: rc.bootup: ERROR! ldap_get_groups() could not bind to server LDAP (SRE).
Oct 16 02:20:38 fw-ext-2 php-cgi: rc.bootup: ERROR! ldap_get_groups() could not bind to server LDAP (SRE).
Oct 16 02:21:40 fw-ext-2 php-cgi: rc.bootup: ERROR! ldap_get_groups() could not bind to server  LDAP (SRE).
Oct 16 02:22:42 fw-ext-2 php-cgi: rc.bootup: ERROR! ldap_get_groups() could not bind to server LDAP (SRE).
Oct 16 02:23:44 fw-ext-2 php-cgi: rc.bootup: ERROR! ldap_get_groups() could not bind to server LDAP (SRE).
Oct 16 02:27:52 fw-ext-2 php-cgi: rc.bootup: ROUTING: setting default route to 10.75.48.30
Oct 16 02:27:52 fw-ext-2 kernel: done.
Oct 16 02:27:52 fw-ext-2 php-cgi: rc.bootup: ROUTING debug: 0.22204300 1476577672 - /sbin/route change -inet  '192.168.0.0/16'  10.75.48.62
Oct 16 02:27:52 fw-ext-2 php-cgi: rc.bootup: ROUTING debug: 0.22371900 1476577672 - /sbin/route change -inet  '10.0.0.0/8'  10.75.48.62

From inspecting /etc/rc.boot it looks like the following call to local_sync_accounts() requires networking (& routes) to be setup already:

echo "Synchronizing user settings...";
local_sync_accounts();
echo "done.\n";

So IMHO we should move the following code before invoking 'local_sync_accounts':

/* set up static routes */
system_routing_configure();

And we may want to enable dnsmasq/unbound before local_sync_accounts too, as we may need those services running in order to resolve LDAP servers' hostname.

Actions #1

Updated by Pablo Ruiz about 5 years ago

Actions #2

Updated by Jim Thompson almost 5 years ago

  • Assignee set to Renato Botelho
Actions #3

Updated by Renato Botelho almost 5 years ago

  • Subject changed from local_sync_accounts fails during boot when using ldap on a non-local network to local_sync_accounts fails during boot when using ldap on a non-local network or hostname
  • Target version set to 2.4.0
  • Affected Version set to All

If ldap server is configured using hostname and it depends of local DNS resolver it also fails

Actions #4

Updated by Renato Botelho almost 5 years ago

  • Status changed from New to Confirmed
Actions #5

Updated by Renato Botelho almost 5 years ago

  • Status changed from Confirmed to Feedback
  • % Done changed from 0 to 100
Actions #6

Updated by Jim Pingle almost 5 years ago

  • Status changed from Feedback to Resolved

Works, no failures or delays when booting with a remote LDAP server.

Actions #7

Updated by Jim Pingle over 4 years ago

  • Category set to User Manager / Privileges
  • Target version changed from 2.4.0 to 2.3.3
Actions

Also available in: Atom PDF