[Pkg-openldap-devel] Bug#589915: slapd: service is not operational when the init.d script exits during boot

Petter Reinholdtsen pere at hungry.com
Thu Jul 22 08:11:23 UTC 2010


Package:  slapd
Version:  2.4.17-2.1
Severity: grave
User:     debian-edu at lists.debian.org
UserTags: debian-edu

I ran into this problem with Debian Edu based on Debian/Squeeze, where
we configure MIT Kerberos to use LDAP as its backend.  The problem is
that some times the Kerberos kdc fail to start and the error message
in the log is

  krb5kdc: Can't contact LDAP server - while initializing database for INTERN

Trying to figure out what is wrong, I added this line to the krb5-kdc
init.d script, at the beginning of the start block:

  ldapsearch -H ldapi:// -x > /tmp/ldapsearch.log 2>&1

After the boot, this was the content of the file:

  ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

Adding this search delayed the kdc startup enough to make it start
properly at boot.  This make me believe there is a race condition in
the parallel boot, and that the slapd service is not operational when
its init.d script exits, but instead becomes ready a fraction of a
second later.  This causes services depending on slapd to some times
fail to start.

A similar issue was discovered with pdns (#585966), and there the
workaround there was to add sleep 2 to the init.d script.  Unless
slapd can be rewritten to become operational before it forks, this
might be a reasonable workaround here too.

Setting the severity to grave, as this causes other packages to fail
to start properly at boot when a service uses LDAP during boot.

Happy hacking,
-- 
Petter Reinholdtsen





More information about the Pkg-openldap-devel mailing list