Re: [nssldap] Login problem, when ldap servers are not available
- From: "Markus Moeller" <huaraz [at] moeller.plus.com>
- To: "Buchan Milne" <bgmilne [at] staff.telkomsa.net>
- Cc: <nssldap [at] padl.com>
- Subject: Re: [nssldap] Login problem, when ldap servers are not available
- Date: Thu, 10 Jul 2008 19:14:19 +0100
----- Original Message -----
From: "Buchan Milne" <bgmilne@staff.telkomsa.net>
To: "Markus Moeller" <huaraz@moeller.plus.com>
Cc: <nssldap@padl.com>
Sent: Wednesday, July 09, 2008 1:54 PM
Subject: Re: [nssldap] Login problem, when ldap servers are not available
On Wednesday 09 July 2008 10:52:10 Markus Moeller wrote:
I have problems with login on the console as root when the network is down.
After password verification it halts and then I get a timeout and get disconnected.
I am running Suse SLES 10 with:
ldap.conf
uri ldaps://ldapserver1 ldaps://ldapserver2
base ou=posix,dc=example,dc=com
ldap_version 3
binddn uid=admin,dc=example,dc=com
bindpw admin
timelimit 10
bind_timelimit 2
pam_password md5
nss_map_attribute uidnumber userid
nss_initgroups_ignoreusers root,ntp,nobody
IMHO, this ^^^ is the wrong fix. While there may be other issues, I would
personally use:
bind_policy soft
which should fix the same issue nss_initgroups_ignoreusers fixes, and fix your
login timeout when LDAP servers are not available.
When I use bind_policy soft, does it mean all servers in the list are tested
before giving up? When will the client retry connections to the server?
Will nscd need to be cleared and restarted when the LDAP server is back?
An nsswitch.conf with
passwd files ldap [UNAVAILABLE=return]
group files ldap [UNAVAILABLE=return]
seems to do the same. Is that OK too?
Regards,
Buchan
Thank you
Markus
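
A small lint for the two files discussed in this thread, added here as an example that is not part of the original messages or of nss_ldap: it reports an ldap.conf that does not set bind_policy soft, and checks each [STATUS=ACTION] item in nsswitch.conf against the keywords glibc's nsswitch.conf(5) defines. The function names and sample inputs are constructed for illustration; the second nsswitch line uses UNAVAIL for comparison.

```python
import re

# Status and action keywords defined in glibc's nsswitch.conf(5).
GLIBC_STATUSES = {"success", "notfound", "unavail", "tryagain"}
GLIBC_ACTIONS = {"return", "continue", "merge"}

def lint_ldap_conf(text):
    """Report an nss_ldap ldap.conf that does not set 'bind_policy soft'."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    # Assumption: an absent bind_policy line means nss_ldap's default
    # hard (retrying) policy is in effect.
    policy = conf.get("bind_policy", "(unset)")
    return [] if policy == "soft" else [f"bind_policy is {policy}, not soft"]

def lint_nsswitch(text):
    """Check every [STATUS=ACTION] item against glibc's keyword sets."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]
        for group in re.findall(r"\[([^\]]*)\]", line):
            for item in group.split():
                status, _, action = item.lstrip("!").partition("=")
                if status.lower() not in GLIBC_STATUSES:
                    findings.append(f"line {lineno}: unknown status '{status}'")
                elif action.lower() not in GLIBC_ACTIONS:
                    findings.append(f"line {lineno}: unknown action '{action}'")
    return findings

# Constructed sample input based on the settings quoted in the thread.
SAMPLE_LDAP_CONF = """\
uri ldaps://ldapserver1 ldaps://ldapserver2
bind_timelimit 2
nss_initgroups_ignoreusers root,ntp,nobody
"""
SAMPLE_NSSWITCH = """\
passwd files ldap [UNAVAILABLE=return]
group files ldap [UNAVAIL=return]
"""

if __name__ == "__main__":
    for finding in lint_ldap_conf(SAMPLE_LDAP_CONF) + lint_nsswitch(SAMPLE_NSSWITCH):
        print(finding)
```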