
Re: [nssldap] nss ldap under RHEL 5 does first connects configured ldap server and than does dns lookup and tries to connect random ldap servers





On Thursday, 12 November 2009 12:37:20 Thomas Glanzmann wrote:
> Hello,
> I have RHEL 5.3 nss_ldap connected to active directory. The
> configuration (/etc/ldap.conf) is the following:
>
> host 157.163.212.208
>
> bind_policy soft
>
> base DC=ww004,DC=glanzmann,DC=net
> ldap_version 3
>
> binddn CN=ADLDAPF,OU=ErlF,OU=User,OU=_CentralServices,DC=ww004,DC=glanzmann,DC=net
> bindpw geheim
>
> nss_base_passwd         DC=ww004,DC=glanzmann,DC=net?sub?uid=*
> nss_base_shadow         DC=ww004,DC=glanzmann,DC=net?sub?uid=*
> nss_base_group          DC=ww004,DC=glanzmann,DC=net?sub?gidNumber=*
>
> nss_map_objectclass posixAccount user
> nss_map_objectclass shadowAccount user
> nss_map_objectclass posixGroup group
>
> nss_map_attribute homeDirectory unixHomeDirectory
> nss_map_attribute gecos displayname
>
> nss_map_attribute group:cn displayName
> nss_map_attribute uniqueMember member
>
> schema rfc2307bis
>
> When I do a "getent passwd" it shows the local users, the directory
> users, and then hangs. By sniffing the connection, I see that it connects
> to 157.163.212.208, does a search, gets the answer and even lists the
> users. But then it does a DNS lookup for
>
>         DomainDnsZones.ww004.glanzmann.net
>
> And tries to connect to these servers, which results in a hang because there
> is a firewall in place which makes it impossible to connect to the machines.
> Is there a way to get rid of this annoying behaviour using a configuration
> option or do I have to rebuild nss ldap?

Try adding:

referrals no

(I am not sure if it would be enabled or not, but it looks like it is chasing 
referrals, and setting this should stop it).

Regards,
Buchan
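
The check discussed in this thread, as an added example that is not part of the original messages or of nss_ldap itself: it parses an nss_ldap style `ldap.conf`, reports whether `referrals no` is set, and flags observed LDAP destinations that are not among the configured `host`/`uri` servers. The function names are hypothetical, the sample configuration and destination list are constructed from the values quoted above, and it assumes referrals are chased unless the last `referrals` line says `no`.

```python
import re

# Constructed sample based on the configuration quoted in the thread
# (bind credentials left out on purpose).
SAMPLE_CONF = """\
host 157.163.212.208
bind_policy soft
base DC=ww004,DC=glanzmann,DC=net
ldap_version 3
nss_base_passwd         DC=ww004,DC=glanzmann,DC=net?sub?uid=*
"""

def parse_ldap_conf(text):
    """Return {directive: [values, ...]}, skipping blank lines and # comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        conf.setdefault(parts[0].lower(), []).append(value)
    return conf

def configured_servers(conf):
    """Servers named by `host` (name or name:port) and `uri` (ldap:// or ldaps://)."""
    servers = set()
    for value in conf.get("host", []):
        # IPv6 literals are not handled in this sketch.
        servers.update(h.split(":")[0].lower() for h in value.split())
    for value in conf.get("uri", []):
        for uri in value.split():
            m = re.match(r"ldaps?://([^/:]+)", uri, re.I)
            if m:
                servers.add(m.group(1).lower())
    return servers

def audit(conf_text, observed_destinations=()):
    """Return findings for referral chasing and for unexpected LDAP peers."""
    conf = parse_ldap_conf(conf_text)
    findings = []
    # Assumption: chasing is active unless the last `referrals` line is "no".
    setting = (conf.get("referrals") or ["(unset)"])[-1].lower()
    if setting != "no":
        findings.append("referrals=%s: lookups may follow referrals to other servers" % setting)
    allowed = configured_servers(conf)
    for dest in observed_destinations:
        if dest.lower() not in allowed:
            findings.append("unexpected LDAP destination: %s" % dest)
    return findings
```

Feed `audit()` the destinations seen in a packet capture of a `getent passwd` run; an empty result means the client only talked to the configured server and `referrals no` is in effect.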