strange issue with cron and nss_ldap


strange issue with cron and nss_ldap

by guillomovitch

Hello.

I found a strange issue with cron (vixie-cron, actually) being unable to
resolve users from ldap, despite nss being correctly configured.

I have a file in /etc/crond.d referring to an ldap user:
1 1 * * * mirror /usr/local/share/mirror/sync

When modifying this file, cron automatically detects it, reloads it, and
fails to identify the user through nss, as demonstrated by this log excerpt:
Aug 20 14:45:01 b52 crond[1468]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Aug 20 14:45:05 b52 crond[1468]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Aug 20 14:45:13 b52 crond[1468]: nss_ldap: could not search LDAP server - Server is unavailable
Aug 20 14:45:13 b52 crond[1468]: CRON: error in (/etc/cron.d/mirror) problem is (bad username)

tcpdump shows no network traffic to the ldap server at all. Adding 'debug
1' to /etc/ldap.conf doesn't get additional traces (I have to start
crond with debug flags, and everything works correctly in that case).
nscd is not running during the test, so it cannot interfere. It is
running otherwise, but doesn't prevent the problem from appearing.

--
BOFH excuse #409:

The vulcan-death-grip ping has been applied.
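
One way to tell, from syslog alone, whether a cron "bad username" rejection followed an nss_ldap lookup failure in the same crond process (as in the excerpt above) or had no such precursor. This is an added example, not part of the original post; the function name, the 30-second window, the placeholder year, and the PID 2001 log line are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample input: the four log entries from the post above with the
# mail-wrapped lines rejoined, plus one constructed entry (PID 2001) showing a
# "bad username" error that has no preceding nss_ldap failure.
SAMPLE_LOG = """\
Aug 20 14:45:01 b52 crond[1468]: nss_ldap: reconnecting to LDAP server (sleeping 4 seconds)...
Aug 20 14:45:05 b52 crond[1468]: nss_ldap: reconnecting to LDAP server (sleeping 8 seconds)...
Aug 20 14:45:13 b52 crond[1468]: nss_ldap: could not search LDAP server - Server is unavailable
Aug 20 14:45:13 b52 crond[1468]: CRON: error in (/etc/cron.d/mirror) problem is (bad username)
Aug 20 15:02:00 b52 crond[2001]: CRON: error in (/etc/cron.d/backup) problem is (bad username)
"""

LINE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (\S+) crond\[(\d+)\]: (.*)$")
NSS_FAIL = re.compile(r"^nss_ldap: could not search LDAP server")
BAD_USER = re.compile(r"^CRON: error in \((.+?)\) problem is \(bad username\)")

def classify_bad_usernames(log_text, window=timedelta(seconds=30), year=2000):
    """Return [(crontab_path, cause)] for every 'bad username' error.

    cause is 'ldap-unavailable' when the same crond PID logged an nss_ldap
    search failure within `window` before the error, else 'no-ldap-error'.
    Syslog timestamps carry no year, so `year` is a placeholder used only
    to compute time differences.
    """
    last_nss_fail = {}  # crond PID -> time of its most recent nss_ldap failure
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # not a crond line
        stamp, _host, pid, msg = m.groups()
        when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
        if NSS_FAIL.match(msg):
            last_nss_fail[pid] = when
            continue
        bad = BAD_USER.match(msg)
        if bad:
            failed_at = last_nss_fail.get(pid)
            recent = failed_at is not None and timedelta(0) <= when - failed_at <= window
            results.append((bad.group(1), "ldap-unavailable" if recent else "no-ldap-error"))
    return results

if __name__ == "__main__":
    for path, cause in classify_bad_usernames(SAMPLE_LOG):
        print(f"{path}: {cause}")
```

An "ldap-unavailable" result means the crontab entry was rejected while the directory lookup was failing, so the job will not run until crond reloads the file successfully.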

Re: strange issue with cron and nss_ldap

by guillomovitch

Guillaume Rousse wrote:
> tcpdump shows no network traffic to the ldap server at all. Adding 'debug
> 1' to /etc/ldap.conf doesn't get additional traces (I have to start
> crond with debug flags, and everything works correctly in that case).
> nscd is not running during the test, so it cannot interfere. It is
> running otherwise, but doesn't prevent the problem from appearing.
I forgot the following information:
- this is Linux
- this is nss_ldap 262

And the relevant part of configuration:
# bind policy
bind_policy hard_open
nss_reconnect_tries 2

# aggressive limits for failover
timelimit 2
bind_timelimit 2

--
BOFH excuse #287:

Telecommunications is downshifting.