Re: Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1
- From: Tim Rice <tim [at] multitalents.net>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Reply-to: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Update nslcd.conf to avoid unnecessary looks up with local URI ldap://127.0.0.1
- Date: Tue, 11 Aug 2020 21:57:04 -0700 (PDT)
Hi Raviteja,
On Tue, 11 Aug 2020, Raviteja Bailapudi wrote:
> Hi Arthur
>
> When there is no LDAP configuration created on system, we install default
> nslcd.conf file from nss-pam-ldapd on system and start nslcd daemon,
If there is no LDAP configured, why are you even starting the nslcd
daemon?
> then we notice unnecessary nslcd LDAP lookups for all local groups for URI
> ldap://127.0.0.1.
> which causes unnecessary LDAP lookup failure traces for all local groups.
>
> nslcd[280]: [334873] <group/member="root"> failed to bind to LDAP server
> ldap://127.0.0.1/: Can't contact LDAP server
> nslcd[280]: [b0dc51] <group="priv-noaccess"> failed to bind to LDAP server
> ldap://127.0.0.1/: Can't contact LDAP server:
>
> I understand that using "nss_initgroups_ignoreusers ALLLOCAL" is the only way to
> filter out these local group LDAP lookups.
> Can we add this "nss_initgroups_ignoreusers ALLLOCAL" by default to
> nslcd.conf so that anyone using the default config
> avoids unnecessary LDAP lookups and traces as well?
>
> Thanks and Regards,
> Raviteja Bailapudi
> IBM Systems & Technology Lab, Firmware Development,
>
--
Tim Rice Multitalents
tim@multitalents.net