Package: slapd Version: 2.4.17-2.1 Severity: grave User: debian-...@lists.debian.org UserTags: debian-edu
I ran into this problem with Debian Edu based on Debian/Squeeze, where we configure MIT Kerberos to use LDAP as its backend. The problem is that some times the Kerberos kdc fail to start and the error message in the log is krb5kdc: Can't contact LDAP server - while initializing database for INTERN Trying to figure out what is wrong, I added this line to the krb5-kdc init.d script, at the beginning of the start block: ldapsearch -H ldapi:// -x > /tmp/ldapsearch.log 2>&1 After the boot, this was the content of the file: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1) Adding this search delayed the kdc startup enough to make it start properly at boot. This make me believe there is a race condition in the parallel boot, and that the slapd service is not operational when its init.d script exits, but instead becomes ready a fraction of a second later. This causes services depending on slapd to some times fail to start. A similar issue was discovered with pdns (#585966), and there the workaround there was to add sleep 2 to the init.d script. Unless slapd can be rewritten to become operational before it forks, this might be a reasonable workaround here too. Setting the severity to grave, as this causes other packages to fail to start properly at boot when a service uses LDAP during boot. Happy hacking, -- Petter Reinholdtsen -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org