Kenneth Holter
2009-Jan-08 13:18 UTC
[Puppet Users] Puppet client hangs if LDAP server is not accessible
Hi. I''ve noticed that on servers that are both puppet and LDAP clients, the puppet client will hang if the LDAP server is not reachable. Does anyone know what the reason for this is? Regards, Kenneth Holter --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Luke Kanies
2009-Jan-08 15:51 UTC
[Puppet Users] Re: Puppet client hangs if LDAP server is not accessible
On Jan 8, 2009, at 7:18 AM, Kenneth Holter wrote:> > Hi. > > > I''ve noticed that on servers that are both puppet and LDAP clients, > the puppet client will hang if the LDAP server is not reachable. Does > anyone know what the reason for this is?I''d expect everything on the server to hang in that case; Puppet, like most applications, does things like get usernames for directory listings, and if that process hangs, then Puppet hangs. -- Real freedom lies in wildness, not in civilization. -- Charles Lindbergh --------------------------------------------------------------------- Luke Kanies | http://reductivelabs.com | http://madstop.com --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Adam Jacob
2009-Jan-08 17:35 UTC
[Puppet Users] Re: Puppet client hangs if LDAP server is not accessible
On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote:> I''ve noticed that on servers that are both puppet and LDAP clients, > the puppet client will hang if the LDAP server is not reachable. Does > anyone know what the reason for this is?You should start using nscd (or your platform equivilant,) which will at least allow your name service lookups to complete. If you are using OpenLDAP, ensure that you have soft_bind set on the clients. If you are using nss_ldap, I recommend looking at nss_ldapd (http://ch.tudelft.nl/~arthur/nss-ldapd/design.html ) as a super nice replacement. Regards, Adam --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Kenneth Holter
2009-Jan-09 10:38 UTC
[Puppet Users] Re: Puppet client hangs if LDAP server is not accessible
Thanks for the advice. Regarding the soft_bind option for openldap: I can''t seem to find any documentation for this option. Do you have a link to a site describing this? On 1/8/09, Adam Jacob <adam@hjksolutions.com> wrote:> > On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote: > > I''ve noticed that on servers that are both puppet and LDAP clients, > > the puppet client will hang if the LDAP server is not reachable. Does > > anyone know what the reason for this is? > > You should start using nscd (or your platform equivilant,) which will > at least allow your name service lookups to complete. If you are > using OpenLDAP, ensure that you have soft_bind set on the clients. > > If you are using nss_ldap, I recommend looking at nss_ldapd (http://ch.tudelft.nl/~arthur/nss-ldapd/design.html > ) as a super nice replacement. > > Regards, > Adam > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Jason Rojas
2009-Jan-09 10:42 UTC
[Puppet Users] Re: Puppet client hangs if LDAP server is not accessible
Look up bind_policy not soft_bind. This gives a good description: http://www.nabble.com/Re%3A-nss_ldap-and-udevd-p3202151.html -Jason On Jan 9, 2009, at 2:38 AM, Kenneth Holter wrote:> > Thanks for the advice. Regarding the soft_bind option for openldap: I > can''t seem to find any documentation for this option. Do you have a > link to a site describing this? > > On 1/8/09, Adam Jacob <adam@hjksolutions.com> wrote: >> >> On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote: >>> I''ve noticed that on servers that are both puppet and LDAP clients, >>> the puppet client will hang if the LDAP server is not reachable. >>> Does >>> anyone know what the reason for this is? >> >> You should start using nscd (or your platform equivilant,) which will >> at least allow your name service lookups to complete. If you are >> using OpenLDAP, ensure that you have soft_bind set on the clients. >> >> If you are using nss_ldap, I recommend looking at nss_ldapd (http://ch.tudelft.nl/~arthur/nss-ldapd/design.html >> ) as a super nice replacement. >> >> Regards, >> Adam >> >>> >> > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Kenneth Holter
2009-Jan-09 12:53 UTC
[Puppet Users] Re: Puppet client hangs if LDAP server is not accessible
Thanks, I''ll add it to my config file. On 1/9/09, Jason Rojas <jason@nothingbeatsaduck.com> wrote:> > > Look up bind_policy not soft_bind. This gives a good description: > > http://www.nabble.com/Re%3A-nss_ldap-and-udevd-p3202151.html > > -Jason > On Jan 9, 2009, at 2:38 AM, Kenneth Holter wrote: > > > > > Thanks for the advice. Regarding the soft_bind option for openldap: I > > can''t seem to find any documentation for this option. Do you have a > > link to a site describing this? > > > > On 1/8/09, Adam Jacob <adam@hjksolutions.com> wrote: > >> > >> On Jan 8, 2009, at 5:18 AM, Kenneth Holter wrote: > >>> I''ve noticed that on servers that are both puppet and LDAP clients, > >>> the puppet client will hang if the LDAP server is not reachable. > >>> Does > >>> anyone know what the reason for this is? > >> > >> You should start using nscd (or your platform equivilant,) which will > >> at least allow your name service lookups to complete. If you are > >> using OpenLDAP, ensure that you have soft_bind set on the clients. > >> > >> If you are using nss_ldap, I recommend looking at nss_ldapd ( > http://ch.tudelft.nl/~arthur/nss-ldapd/design.html > >> ) as a super nice replacement. > >> > >> Regards, > >> Adam > >> > >>> > >> > > > > > > > > > > > >--~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Puppet Users" group. To post to this group, send email to puppet-users@googlegroups.com To unsubscribe from this group, send email to puppet-users+unsubscribe@googlegroups.com For more options, visit this group at http://groups.google.com/group/puppet-users?hl=en -~----------~----~----~----~------~----~------~--~---
Possibly Parallel Threads
- OpenSUSE 11.1 with OpenLDAP => some surprises (ldap.conf, nss-ldap.conf, nsswitch.conf)
- LDAP users/groups not showing up with nis, pam, & ldap
- Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
- Is anyone using C7 in production yet? (sssd, nss-pam-ldapd, kerberos, etc)
- multi home dir locations