Bug #487

Unable to load configuration '/var/ldap/ldap_client_file' ('')

Added by Piotr Jasiukajtis over 9 years ago. Updated about 2 years ago.

Status: Feedback
Priority: Normal
Assignee: -
Category: -
Start date: 2010-12-09
Due date:
% Done: 0%
Estimated time:
Difficulty:
Tags:
Gerrit CR:

Description

If you use LDAP name service (ldap/client service) you will see this harmless (I hope) warning at boot time:

libsldap: Status: 2  Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('')

Tested and affected ON versions:
- onnv_145 non debug build
- onnv_147 non debug build
- OpenIndiana 147
- illumos-gate debug build

History

#1

Updated by Jean-Yves Avenard over 9 years ago

This issue occurs with OpenIndiana 148 too.

And unfortunately, it is not harmless.

At the time /var/ldap/ldap_client_file is loaded, /var hasn't been mounted yet and as such doesn't exist. Should pam.conf be configured to allow LDAP users to connect, as libsldap fails, no one can connect.

The only workaround is to boot in single-user mode, manually edit the PAM configuration and remove all LDAP-related entries.
After the system has finished booting, you can then re-enable LDAP.

#2

Updated by Albert Lee over 9 years ago

  • Priority changed from Low to Normal

Jean-Yves Avenard wrote:

This issue occurs with OpenIndiana 148 too.

And unfortunately, it is not harmless.

At the time /var/ldap/ldap_client_file is loaded, /var hasn't been mounted yet and as such doesn't exist. Should pam.conf be configured to allow LDAP users to connect, as libsldap fails, no one can connect.

ldap/client depends on filesystem/minimal, so /var will already have been mounted. The start method will actually print the message "WARNING: /var/ldap/ldap_client_file is missing or not readable" if the file was actually missing, so there might be some other implicit dependency for libsldap to operate.

#3

Updated by Albert Lee over 9 years ago

  • Status changed from New to Feedback

I've seen this more recently when the LDAP server hostname couldn't be resolved - if you're not verifying an SSL cert, can you try using an IP address in the configuration?

#4

Updated by Andreas Grüninger over 2 years ago

Piotr is right, the message is harmless but annoying.

If you configure ldap/client this message will appear in the log when svc.startd initializes.
Only in this stage the message is harmless. But I would prefer not to get this message at all.

If you misconfigure ldap/client you will get this message again and other error messages but they will appear later.
E.g. when sendmail starts.
Or name resolution does not work (see above).

We use Kerberos for the integration in an Active Directory environment with sasl/GSSAPI for the ldap/client, where nss_ldap fetches information for the user accounts from the AD.
In this situation we find the messages in /var/adm/messages:

...
Oct 31 19:53:17 zd-oirepo-s1 svc.startd51: [ID 293258 daemon.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
...
Oct 31 19:53:21 zd-oirepo-s1 automountd697: [ID 293258 daemon.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Oct 31 19:53:21 zd-oirepo-s1 automountd697: [ID 793764 daemon.error] Can not determine version of LDAP profile that is used (4, Unable to load configuration '/var/ldap/ldap_client_file' ('').). Using version 2 profile defaults
Oct 31 19:53:21 zd-oirepo-s1 automount698: [ID 793764 user.error] Can not determine version of LDAP profile that is used (4, Unable to load configuration '/var/ldap/ldap_client_file' ('').). Using version 2 profile defaults
Oct 31 19:53:21 zd-oirepo-s1 automount698: [ID 293258 daemon.warning] libsldap: Status: 2 Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').

and ldap/client does not work.

When I change the dependencies for ldap/client to
<dependency name='network' grouping='require_all' restart_on='error' type='service'>
<service_fmri value='svc:/milestone/network:default'/>
</dependency>
<dependency name='filesystem-local' grouping='require_all' restart_on='none' type='service'>
<service_fmri value='svc:/system/filesystem/local:default'/>
</dependency>
ldap/client works and I get only the first harmless message.
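
A triage sketch for the distinction drawn in comment #4, added here as an example and not part of the original thread or of illumos: it scans syslog text for the libsldap message and separates the occurrence logged by svc.startd from occurrences logged by any other process. The sample lines, hostname and PIDs are constructed, and treating only svc.startd as expected is an assumption taken from that comment.

```python
import re

# Constructed sample in the /var/adm/messages format quoted above
# (hostname "host1", PIDs and the sshd line are made up for this example).
SAMPLE = """\
Oct 31 19:53:17 host1 svc.startd[51]: [ID 293258 daemon.warning] libsldap: Status: 2  Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Oct 31 19:53:21 host1 automountd[697]: [ID 293258 daemon.warning] libsldap: Status: 2  Mesg: Unable to load configuration '/var/ldap/ldap_client_file' ('').
Oct 31 19:53:21 host1 automountd[697]: [ID 793764 daemon.error] Can not determine version of LDAP profile that is used (4, Unable to load configuration '/var/ldap/ldap_client_file' ('').). Using version 2 profile defaults
Oct 31 19:53:25 host1 sshd[812]: [ID 800047 auth.info] Accepted publickey for admin
"""

# timestamp, host, process name, optional [pid]. The brackets around the PID
# are missing in the excerpt above, so "svc.startd[51]" and "svc.startd51"
# are both accepted.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s"
    r"(?P<proc>[^\s\[:]+?)\[?(?P<pid>\d*)\]?:\s(?P<msg>.*)$"
)
MARKER = "Unable to load configuration '/var/ldap/ldap_client_file'"


def triage(text, expected_procs=("svc.startd",)):
    """Bucket libsldap config-load failures by the process that logged them.

    Assumption (from comment #4): the message logged while svc.startd
    initializes is expected; the same message from any other process means
    that consumer could not use ldap/client.
    """
    result = {"expected": [], "investigate": []}
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or MARKER not in m["msg"]:
            continue  # unrelated or unparseable line
        bucket = "expected" if m["proc"] in expected_procs else "investigate"
        result[bucket].append((m["ts"], m["proc"], m["pid"]))
    return result


if __name__ == "__main__":
    report = triage(SAMPLE)
    for bucket, hits in report.items():
        print(bucket, sorted({proc for _, proc, _ in hits}), len(hits))
```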
