Environment
Novell Open Enterprise Server (Linux based)
Novell Linux User Management 2.20.12-1
Situation
When executing "getent passwd" on an OES server running Linux
User Management, namcd shuts down. It does not matter
which LDAP server is specified in the /etc/nam.conf file; namcd
still shuts down.
"id admin" or "id " returned correct
information without shutting down namcd.
Errors in /var/log/messages
server-01 /usr/sbin/namcd[7830]: insertGidListIntoUserHash: pw_name is NULL
server-01 /usr/sbin/namcd[7830]: addOutOfBaseContextUsersToList: insertGidListintHash not success
server-01 /usr/sbin/namcd[7830]: namcd Populated hash tables
server-01 /usr/sbin/namcd[7830]: Created all the threads
server-01 /usr/sbin/namcd[7830]: InsertPwdandFDNIntoUserHash: pw_name is NULL
server-01 getent: nds_nss_read_reply: AF_UNIX read() - no data
server-01 /usr/sbin/namcd[7830]: addOutOfBaseContextUsersToList: insertGidListintHash not success
server-01 /usr/sbin/namcd[7830]: namcd Populated hash tables
server-01 /usr/sbin/namcd[7830]: Created all the threads
server-01 /usr/sbin/namcd[7830]: InsertPwdandFDNIntoUserHash: pw_name is NULL
server-01 getent: nds_nss_read_reply: AF_UNIX read() - no data
nam.conf is set up as follows:
server-01:~ # more /etc/nam.conf
base-name=o=org
admin-fdn=cn=admin,ou=orgunit,o=org
preferred-server=100.100.100.100 (not the local server)
num-threads=5
schema=rfc2307
enable-persistent-cache=YES
user-hash-size=211
group-hash-size=211
persistent-cache-refresh-period=28800
persistent-cache-refresh-flag=all
create-home=yes
type-of-authentication=2
certificate-file-type=der
ldap-ssl-port=636
ldap-port=389
support-alias-name=no
support-outside-base-context=yes
Configured the LDAP server with advanced LDAP tracing. This is done on the LDAP Server object. In iManager the page looks like below. You must then unload and load ldap on the server.
An eDirectory trace (DSTRACE) with +TIME +TAGS +LDAP shows the following. You have to trace it to file with DSTRACE FILE ON to the dstrace.log file.
LDAP: [2007/04/14 21:55:37] New TLS connection 0xce1d93c0 from 100.100.100.100:35169, monitor = 0xca, index = 24
LDAP: [2007/04/14 21:55:37] Monitor 0xca initiating TLS handshake on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] DoTLSHandshake on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] Completed TLS handshake on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] DoBind on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] Treating simple bind with empty DN and no password as anonymous
LDAP: [2007/04/14 21:55:37] Bind name:NULL, version:3, authentication:simple
LDAP: [2007/04/14 21:55:37] Sending operation result 0:"":"" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] DoSearch on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] Search request:
base: "o=org"
scope:2 dereference:0 sizelimit:0 timelimit:0 attrsonly:0
filter: "(uidNumber=2847)"
attribute: "uid"
attribute: "uidNumber"
attribute: "gidNumber"
attribute: "gecos"
attribute: "homeDirectory"
attribute: "loginShell"
attribute: "groupMembership"
LDAP: [2007/04/14 21:55:37] Sending search result entry"cn=mirror,ou=orgunit2,ou=orgunit,o=org" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] Sending operation result 0:"":"" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] DoCompare on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] compare: dn (cn=admingroup,ou=orgunit,o=org) attr (member) value (cn=mirror,ou=orgunit2,ou=orgunit,o=org)
LDAP: [2007/04/14 21:55:37] Sending operation result 5:"":"" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] DoCompare on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] compare: dn (cn=novlxtier,ou=orgunit,o=org) attr (member) value (cn=mirror,ou=orgunit2,ou=orgunit,o=org)
LDAP: [2007/04/14 21:55:37] DDCCompareAttributeEx failed, err = no such attribute (-603)
LDAP: [2007/04/14 21:55:37] Sending operation result 16:"":"NDS error: no such attribute (-603)" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] DoCompare on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] compare: dn (cn=everyone,o=org) attr (member) value (cn=mirror,ou=orgunit2,ou=orgunit,o=org)
LDAP: [2007/04/14 21:55:37] Sending operation result 6:"":"" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] TLS read failure 5 on connection 0xce1d93c0, setting err = -5875. Error stack:
LDAP: [2007/04/14 21:55:37] Monitor 0xca found connection 0xce1d93c0 socket failure, err = -5875, 0 of 0 bytes read
LDAP: [2007/04/14 21:55:37] Monitor 0xca initiating close for connection 0xce1d93c0
Enable LDAP logging on the LDAP server (100.100.100.100).
Edit the
Resolution
LDAP -5875 errors are typically caused by an abnormal
termination of an LDAP client. In this case namcd
terminated abnormally, so when the LDAP server tries to communicate
with namcd and cannot, the LDAP server generates -5875
errors.
Deleting the user the LDAP server was processing during
the -5875 errors (cn=mirror,ou=orgunit2,ou=orgunit,o=org)
corrected the problem.
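Added example (not part of the original document or of any Novell tooling): a small Python script that reads a dstrace.log captured with +TIME +TAGS +LDAP and reports, for each -5875 TLS read failure, the last search result entry the LDAP server sent on that connection, which is how the user object above was identified. The function name and the sample trace are assumptions made for illustration.

```python
import re

# Constructed sample in the DSTRACE +TIME +TAGS +LDAP format shown above.
# Connection 0xce1d9500 and its line are invented for contrast; one line has a
# clipped prefix and no space before the DN, which the patterns tolerate.
SAMPLE_TRACE = '''\
LDAP: [2007/04/14 21:55:36] Sending search result entry "cn=admin,ou=orgunit,o=org" to connection 0xce1d9500
LDAP: [2007/04/14 21:55:37] DoSearch on connection 0xce1d93c0
007/04/14 21:55:37] Sending search result entry"cn=mirror,ou=orgunit2,ou=orgunit,o=org" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] Sending operation result 0:"":"" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] DoCompare on connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] Sending operation result 6:"":"" to connection 0xce1d93c0
LDAP: [2007/04/14 21:55:37] TLS read failure 5 on connection 0xce1d93c0, setting err = -5875. Error stack:
'''

ENTRY_RE = re.compile(
    r'Sending search result entry\s*"([^"]+)" to connection (0x[0-9a-fA-F]+)')
FAIL_RE = re.compile(
    r'\[([^\]]+)\] TLS read failure \d+ on connection (0x[0-9a-fA-F]+), '
    r'setting err = (-\d+)')


def entries_before_failure(trace_text, err_code="-5875"):
    """Return (timestamp, connection, dn) for every TLS read failure carrying
    err_code. dn is the last entry sent on that connection, or None."""
    last_entry = {}  # connection id -> DN most recently returned on it
    hits = []
    for line in trace_text.splitlines():
        m = ENTRY_RE.search(line)
        if m:
            last_entry[m.group(2)] = m.group(1)
            continue
        m = FAIL_RE.search(line)
        if m and m.group(3) == err_code:
            hits.append((m.group(1), m.group(2), last_entry.get(m.group(2))))
    return hits


if __name__ == "__main__":
    # Replace SAMPLE_TRACE with the contents of the real dstrace.log.
    for ts, conn, dn in entries_before_failure(SAMPLE_TRACE):
        print(f"{ts}  connection {conn}  last entry sent: {dn}")
```

A DN that shows up ahead of every -5875 failure is a lead to examine in eDirectory, not proof that the object is at fault.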