Hi!

We have an OpenLDAP server 2.3.43 (it runs on FreeBSD 7.2) and plenty of client servers with FreeBSD 7.2 as well. They authenticate against the OpenLDAP server by means of nss_ldap and pam_ldap: nss_ldap-1.265_3 (we’ve also tried version 1.266), openldap-client-2.4.21, pam_ldap-1.8.4_1.

Actually we have an odd problem with nss_ldap. From time to time, services like inetd, cron etc. stop functioning with the following messages in the log file:

Feb 18 07:12:00 host /usr/sbin/cron[78409]: nss_ldap: could not search LDAP server - Server is unavailable
Feb 18 07:12:00 host cron[78410]: nss_ldap: could not search LDAP server - Server is unavailable
Feb 18 07:12:00 host /usr/sbin/cron[78405]: nss_ldap: could not search LDAP server - Server is unavailable
Feb 18 07:13:00 host /usr/sbin/cron[78425]: nss_ldap: could not search LDAP server - Server is unavailable
Feb 18 07:13:00 host /usr/sbin/cron[78427]: nss_ldap: could not search LDAP server - Server is unavailable

In the meantime I can use tcpdump on the host with OpenLDAP, and it shows that the problem client host connects to the server and the server replies to it. Also, I can get information about users from the LDAP catalog with the ‘id’ command. Authorization works perfectly as well.

If I open /usr/local/etc/nss_ldap.conf (on the problem client) and then save it without any changes in it, the problem weirdly disappears and everything works perfectly.

Also, while tracing cron and its child processes with truss, I noticed the following messages in the truss output:

……….
stat("/usr/local/etc/nss_ldap.conf",{ mode=-r--r--r-- ,inode=637148,size=516,blksize=4096 }) ERR#9 'Bad file descriptor'
……
stat("/etc/nsswitch.conf",{ mode=-rw-r--r-- ,inode=18772,size=383,blksize=4096 }) ERR#9 'Bad file descriptor'
…

The complete truss output is here: http://info-msk.ru/truss.log