lists.arthurdejong.org

[nssldap] No timeout for nss_ldap?

My problem is that, when using libnss_ldap (Debian 4.0/OpenLDAP 2.3.30) every failure in the network link results in blocking all machines.
My setup looks like this:

-------
/etc/libnss_ldap.conf
URI ldaps://ldap.ipodion.at:636
base dc=int,dc=ipodion,dc=at
bind_timelimit 5
-------

bind_timelimit didn't show any effect, probably due to the ldap client libs.

-------
/etc/nsswitch.conf
passwd:         compat ldap
group:          compat ldap
shadow:         compat ldap
[...]
-------

I tried both files and compat, but without seeing any difference.

nscd is off on both the client and the server machine.

Using this setup everything seems to work perfectly. Simulating a network failure by changing URI ldaps://ldap.ipodion.at:636 to URI ldaps://xxxldap.ipodion.at:636 results in "getent passwd" displaying the local users and then hanging for a long time (I never waited long enough, but at least 20 minutes). Any login attempts to that machine fail as well, i.e. hang indefinitely.

I cannot believe that I can't find a solution to this probably simple but serious problem.

--
=========================================================
iPodion GmbH
Rotensterngasse 20/3
A-1020 Wien, Austria
Mobile: +43-660-216 32 98
Tel.:+43-1-216 32 98-0      office [at] iPodion.at
Fax: +43-1-216 32 98-28     http://www.iPodion.at
=========================================================
Attention: Please note my new telephone number: 0660/2163298
