cron and LDAP users

Hi,

we are using local cron with an LDAP user. After a reboot cron does not trigger the scripts configured in /etc/crontab for the ldapuser

          • LdapUser /home/ldapuser/script1.sh

After I restart cron and login/logout the user

#>su - LdapUser

cron trigger the Jobs.

Can anyone help to understand this behavior ?

*T

On 10/11/17 13:14, tbrinkmann wrote:
[color=blue]

we are using local cron with an LDAP user. After a reboot cron does not
trigger the scripts configured in /etc/crontab for the ldapuser

          • LdapUser /home/ldapuser/script1.sh

After I restart cron and login/logout the user

#>su - LdapUser

cron trigger the Jobs.

Can anyone help to understand this behavior ?[/color]

I can see from the web view of your post that this is SLES11 SP4. Is
there a corresponding cron error in /var/log/messages?

HTH.

Simon
SUSE Knowledge Partner


If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below. Thanks.

Along with Simon’s question, can you tell where cron is in the load order
relative to other things like the network? In addition, is your box using
static network configuration, or DHCP, or something that may slow down
actual acquisition of network information? If any of this is an issue you
could potentially delay cron startup by having it come later in the load
order, or by restarting it once in something like boot.local, etc.
Admittedly those are workarounds for timing issues.

Have you tried setting up the cron jobs as the user themselves? e.g. use
‘su’ to become the user and then run ‘crontab -e’ and setup the job in
there (without the user specification after the time spec) and see if that
behaves any differently.


Good luck.

If you find this post helpful and are logged into the web interface,
show your appreciation and click on the star below.

If you want to send me a private message, please let me know in the
forum as I do not use the web interface often.

Hi *T,

how are you accessing the LDAP accounts (PAM, sssd,…) and are these accounts on an OpenLDAP server or from within an AD? If it’s an OpenLDAP server, is it local to the machine?

It does sound as if the account is not available when crond is started - i.e. because of a not yet established access path to the LDAP directory server.

If you’re using sssd, you might mitigate the effect by activating account caching. If using PAM directly, you might look into your nscd configuration to establish the same effect.

Regards,
J

Hey there thanks for your suggestions,

sorry for the delay some other tasks gets a higher prior.

Lazy workaround, restart cron via cron after a boot.

I Will try to readjust it this week.

*T