Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: "Raviteja Bailapudi" <rbailapu [at] in.ibm.com>
To: nss-pam-ldapd-users [at] lists.arthurdejong.org, arthur [at] arthurdejong.org
Subject: Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1
Date: Tue, 11 Aug 2020 20:12:41 +0000

Hi Arthur

When there is no LDAP configuration created on system, we Install default nscld.conf file from nss-pam-ldapd on system and start nslcd daemon,

then we notice unnecessary nslcd LDAP lookups for all local groups for URI ldap://127.0.0.1.
which causes unnecessary LDAP lookup failure traces for all local groups.

nslcd[280]: [334873] <group/member="root"> failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server
nslcd[280]: [b0dc51] <group="priv-noaccess"> failed to bind to LDAP server ldap://127.0.0.1/: Can't contact LDAP server:

I understand that using "nss_initgroups_ignoreusers ALLLOCAL" is only way to filter out these local group LDAP lookups.
can we add this "nss_initgroups_ignoreusers ALLLOCAL" by default to nslcd.conf so that if anyone using default config
avoids unnecessary LDAP lookups and traces as well?

Thanks and Regards,
Raviteja Bailapudi
IBM Systems &Technology Lab, Firmware Development,

Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1, Raviteja Bailapudi

Re: Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1, Trent W. Buck
Re: Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1, Tim Rice

Prev by Date: Re: Umlauts support
Next by Date: Re: Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1
Previous by thread: Re: Umlauts support
Next by thread: Re: Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1