After configuring NSS-LDAP for accounts and hosts, the system was able to retrieve host info with getent hosts, but could not resolve host names with ping or ssh. Did a reboot to see if the problem with host lookup would clear. The system would hang on boot. After booting with a rescue CD and removing LDAP from nsswitch.conf, the system was able to boot.
A bug has been submitted, but other than having a person assigned to it, I have not heard anything yet.
My LDAP server is not configured for TLS; it is only using port 389.
The problem is within NSS, either NSS itself or the NSS-LDAP module.
There are a few problems here.
1. NSS is not supposed to call LDAP unless the lookup in files failed first.
2. The bind to LDAP does not time out with unavailable.
3. NSS does not check to see if the network is up before trying to do a network call.
My systems are not taking a long time to boot, they will not boot. NSS is calling and hanging on LDAP before the system even starts the network, so it does not matter if my LDAP server is using 389 or 639; the system cannot bind to LDAP because the network is down. This problem will not even let me boot into single user mode.
I saw a problem like this when my LDAP server was on Gentoo, years ago; it was trying to access LDAP before LDAP was started.
Was 12.3 an update from an older version? Which? Systemd seems to have had a lot of changes, so maybe some old configuration that worked is not working now.
Ideally ldap should depend on network in the config files. Since a lot is being done in parallel.
A look at man 5 nsswitch.conf reveals no mention of LDAP as a legal location and /usr/lib - which contains all the sources mentioned in man 5 nsswitch.conf - does not contain it though there is a libnss_ldap.so.2 in /lib/.
It refers to nisplus as version 3 and nis as version 2; so it looks as if you have to get NSS version 2 running to use LDAP - but I’ve no idea how to do that!
It was an update from 12.1 on three different computers. I did a fresh install from disc. Both the upgrade and the fresh install stopped at the same point during boot…
I don’t know about anyone else, but I have seen an increasing number of computers having boot hang problems since 12.1 and systemd. It would take multiple reboots and power-offs before the system would come up. Two of my computers are having a problem that requires a boot to single user mode then an init 5. I have also seen where my computers will not go to init 3, they go full init 5. I have not been able to pin anything down; identical computers have different problems or some would have none. Systems with different hardware would have the same problem. I had some 12.1 systems that would not boot with splash=silent quiet in the boot loader. And to me it seems that the systems boot faster without the options. But without error messages I can’t submit a bug report. I can’t say different computers stop at different points in the boot without errors.
On systems with additional libraries installed, you may have access to further services such as "hesiod", **"ldap"**, "winbind" and "wins".
A lot of people are having problems after trying to upgrade from 12.1, which is not really supported. It is recommended to first go to 12.2, then 12.3. Personally I think 12.3 requires a fresh install.
I have seen a couple threads with the sometimes it boots and sometimes it doesn’t problem. Don’t remember if they involved upgrades or fresh installs.
I think that there have been some major changes to the way systemd works and that is causing problems when upgrading.
My point is that I have two systems on my computer, 2.17 and 3; 2.17 supports ldap, 3 doesn’t; their libraries are in different places and the man page for nsswitch.conf suggests that the default is 3. I don’t know how to get 2.17 libraries working in 3 but I am suggesting that 3 may not ‘have access to further services’ because of the version difference and this may be the cause of your problems.
I do not understand what you mean by you have two systems on your computer, two what?
The big problem here is that LDAP should not be called during boot; everything needed is in files. I scanned my system; there are no unowned files, group or user. The first external reference is my NFS mount, which is not called until after the network starts. The system stops boot well before the network starts. It also does not time out like a normal LDAP bind failure would have. My system was on for a week stuck on boot.
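Added example, not part of any post in this thread: a small Python check that parses an nsswitch.conf and reports, per database, whether the ldap source is consulted before or after files. It assumes glibc's default action of continuing to the next source on NOTFOUND; the sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample, not taken from the thread.
SAMPLE = """\
# /etc/nsswitch.conf (constructed)
passwd: files ldap
group:  ldap files
hosts:  files [NOTFOUND=return] dns ldap
services: files
"""

TOKEN = re.compile(r"\[[^\]]*\]|\S+")  # an [action list] or a source name

def parse_nsswitch(text):
    """Return {database: [(source, {STATUS: action}), ...]}."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        entries = []
        for tok in TOKEN.findall(rest):
            if not tok.startswith("["):
                entries.append((tok, {}))
            elif entries:
                # An action list applies to the source just before it.
                # Negated forms (!STATUS=action) are stored but not interpreted.
                for item in tok.strip("[]").split():
                    status, _, action = item.partition("=")
                    entries[-1][1][status.upper()] = action.lower()
        table[db.strip()] = entries
    return table

def ldap_findings(table, source="ldap"):
    """Describe when `source` is reached for each database that lists it."""
    findings = {}
    for db, entries in table.items():
        names = [name for name, _ in entries]
        if source not in names:
            continue
        idx = names.index(source)
        if "files" not in names[:idx]:
            findings[db] = "consulted without a prior files lookup"
        elif any(a.get("NOTFOUND") == "return" for _, a in entries[:idx]):
            findings[db] = "not reached when an earlier source reports NOTFOUND"
        else:
            # Default NOTFOUND action is continue, so any miss falls through.
            findings[db] = "consulted whenever earlier sources miss"
    return findings

if __name__ == "__main__":
    for db, note in ldap_findings(parse_nsswitch(SAMPLE)).items():
        print(f"{db}: ldap {note}")
```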