On Tuesday 12 August 2008 12:01:16 Emmanuel Dreyfus wrote:
> On Tue, Aug 12, 2008 at 11:17:13AM +0200, Buchan Milne wrote:
> > Anyway, I will point out that this issue is more or less an FAQ on the
> > nss_ldap list.
>
> IMO, the problem is in slapd: it starts listening for requests while
> it is not ready yet for answering requests.
>
> If the listener was not ready when slapd would do its initgroups() call,
> then NSS would not contact local slapd, it would fall back to other sources
> (/etc/passwd and /etc/group), and everything would be fine.

Only for your case, where it is nss_ldap that is preventing slapd from starting, not the case where haldaemon (or similar, but haldaemon is the most common suspect on RedHat-based systems).

> What about a new slapd.conf option?
> delayed_service {none|warm|syncrepl}

Add another option, database

> and slapd would...
> ... behave as it does now for "none"
> ... return LDAP_UNAVAILABLE until initialization is completed for "warm"
> ... return LDAP_UNAVAILABLE until syncrepl catches up with master for
> "syncrepl"

return LDAP_UNAVAILABLE until all databases are recovered and started.

> The latter option would fix the stupid situation where your replica starts
> and answers outdated stuff until syncrepl catches up.

Yes, this would be useful to me. But, I don't see a need for this to solve the chicken/egg slapd vs nss_ldap issue (because this is a sub-set of the whole problem).

Regards,
Buchan