OpenLDAP and libnss conflict

Neil Joseph Schelly neil.schelly at oasis-open.org
Thu May 22 00:15:16 CEST 2008


On Wednesday 21 May 2008 15:07, Alain Spineux wrote:
> I just understood slapd was segfaulting at startup !
> You never spoke about statup before !
> This would have helped a bit !

I'm sorry - I thought I was being clear.

> I thing that when slapd start, it call a function related to NSS and
> regarding
> the configuration in nsswitch.conf try to get the answer from LDAP that is
> not
> yet started !

It's not slapd that is loading NSS.  The process is being loaded with an 
identity and privileges, so NSS gets loaded by that.

> Maybe slapd need to know uid of kolab, kolab-s, kolab-r users and groups to
> start !
> Then you must configure your NSS to look first into your existing passwd
> and group file,
> or something like that.

It does check local files too, but that doesn't prevent it from loading the 
necessary LDAP libraries for the NSS LDAP lookups.

> ldap_bind() is part of the LDAP api and should not be used by slapd
> and don't event exist in slapd. Then slapd could not "load" this "symbol"
> Why do you thing ldap_bind or any other functions part of the LDAP api
> is used by slapd

I picked an arbitrary function, not one that's necessary involved in either.  
ldap_bind() is a function in libldap_r though, and as such it's compiled into 
slapd.

-- 
Regards,
Neil Schelly

W: 978-667-5115 x213
M: 508-410-4776

Systems Administrator
OASIS http://www.oasis-open.org
"Advancing open standards for the information society"




More information about the users mailing list