eDirectory on Solaris populates the /xfn directory

  • 3005912
  • 30-May-2006
  • 26-Apr-2012

Environment

Novell eDirectory 8.7.3.7 for Solaris
Novell eDirectory 8.8 for Solaris
Sun Solaris 9

Situation

Performing a "find /" command results in it hanging when it examines the /xfn directory, and it has to be interrupted with Ctrl+C.
Running "df -k" results in an error: "df: a line in /etc/mnttab has too many fields".
An "ls" on the /xfn directory results in a hang.

Resolution

This Solaris server had the Sun Federated Naming System (FNS) installed. This feature allows an X.500 directory (LDAP) to be browsed via the filesystem.

By default, the product's x500.conf file points to an LDAP server via the local loopback. Once eDirectory is also installed on this server, the service will attempt an anonymous bind to our LDAP server. If successful, it will use Public's browse right to populate the /xfn file system directory with a mirror image of the eDirectory structure. If the tree is large, this can lead to a large amount of data being written to the server's file system.


Commenting out the /xfn entry in the /etc/auto_master file and running automount to implement the change will disable this feature.

Other Solutions:
1. Restart automount using the following command: "pgrep automountd || /etc/init.d/autofs start"
2. If FNS is not intended to be used with LDAP, remove the server name " ldap " from the /etc/fn/x500.conf file.
3. Remove the /xfn entry from the auto_master mapfile either in files or NIS, NIS+ or LDAP.
4. If FNS is not being used remove the following packages: 
      SUNWfns - Federated Naming System
      SUNWfnsx - FNS (64-bit)
      SUNWfnsx5 - FNS support for X.500 Directory Context
5. Disable anonymous binds.
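
One way to check for and comment out the /xfn entry described above, as an added example (not Novell's or Sun's own script). It assumes the usual auto_master layout of mount point, map name and options; the function names, the .pre-xfn backup suffix and the sample map are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit and neutralise the /xfn automount entry in a master map.
# Assumption: each entry is "<mount-point> <map-name> [options]", '#' starts a comment.

# Write a constructed sample master map to the path given as $1.
make_sample_master() {
    cat > "$1" <<'EOF'
# Master map for automounter (constructed sample)
+auto_master
/net        -hosts      -nosuid,nobrowse
/home       auto_home   -nobrowse
/xfn        -xfn
EOF
}

# Return 0 if the map in $1 has an active (uncommented) /xfn entry, else 1.
xfn_entry_active() {
    awk '$1 == "/xfn" { found = 1 } END { if (found) exit 0; exit 1 }' "$1"
}

# Print the map in $1 with every active /xfn entry commented out.
# All other lines, including existing comments, pass through unchanged.
comment_out_xfn() {
    awk '$1 == "/xfn" { print "#" $0; next } { print }' "$1"
}

# Comment out /xfn in place, keeping a backup copy beside the map.
# Returns 0 if the map was changed, 1 if there was nothing to do, 2 on error.
disable_xfn() {
    master=$1
    xfn_entry_active "$master" || return 1
    cp -p "$master" "$master.pre-xfn" || return 2
    comment_out_xfn "$master.pre-xfn" > "$master" || return 2
    return 0
}

# Demonstration on the constructed sample only; the real file is never touched.
# On a live server the target would be /etc/auto_master, followed by running
# automount so that the change takes effect, as the resolution states.
demo="${TMPDIR:-/tmp}/auto_master.demo.$$"
make_sample_master "$demo"
if disable_xfn "$demo"; then
    echo "/xfn entry disabled:"
    grep xfn "$demo"
fi
rm -f "$demo" "$demo.pre-xfn"
```

If the /xfn entry is served from NIS, NIS+ or LDAP rather than the local file, it has to be removed in that naming service instead, as item 3 notes.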


Additional Information

This problem is exacerbated by the practice of using a "find /" command without also following it with the -mount option. One can be guaranteed to run into problems when a find command from the root is not followed by -mount, since the command will likely descend into directories such as /proc, /xfn, /net, etc. Should it descend into /xfn, a real-time query will be performed on the LDAP server, thereby populating this directory.


For further information please refer to Sun Alert 57786