Saturday, February 5, 2011

Troubleshooting: dbus-daemon nss_ldap failed to bind to LDAP server

While installing Debian OpenLDAP client with Kerberos (see here) on Gnome desktop you might experience the following errors in auth.log.
dbus-daemon: GSSAPI Error: Unspecified GSS failure.  Minor code may provide more information (Credentials cache file '/tmp/krb5cc_101' not found)
dbus-daemon: nss_ldap: failed to bind to LDAP server ldap:// Local error
dbus-daemon: nss_ldap: could not search LDAP server - Server is unavailable
At the same time you will might see a number of errors reported by slapd:
slapd: conn=2806 op=0 UNBIND
slapd: conn=2806 fd=27 closed
slapd: conn=2807 fd=27 ACCEPT from IP=192.168.XX.XXX:XXXXX (IP=
The problem is related to parallel boot of your system. By default dbus and nscd are started in parallel, the problem appears when dbus is launched before nscd daemon. In order to fix that you need to change boot sequence. Make sure you have the following in /etc/init.d/dbus (notice line Should-Start):
# Provides:          dbus
# Should-Start:      nscd
# Required-Start:    $remote_fs $syslog
Once above is done simple re-enable dbus service so it updates everything necessary:
rcconf --off dbus ; rcconf --on dbus
Notice changes in /etc/rc2.d:
# ls /etc/rc2.d/
S17nscd ... S18dbus
You need restart your computer (or at least restart dbus daemon) in order changes take place.

1 comment :

  1. Thanks for the blog. You got it right, it was a matter of how and when do certain services start, at boot.
    We had this kind of problem and it took us more than two weeks to discover the root cause.
    On ubuntu 10.04 LTS the problem is quite more tricky to solve, since you have DBUS and other stuff managed by upstart, while nscd is still relying on symlinks.
    We had to disable the symlinks, modify the dbus.conf upstart file to depend on nscd and then create a custom nscd upstart file!
    This is just for reference, in case you or something else is going to stumble upon this kind of problem.
    This is the thread on linuxquestions:

    Cheers! :D