Date: Tue, 13 Mar 2007 07:58:05 +0900
From: "Daniel Marsh" <jahilliya@gmail.com>
To: "Gerhard Schmidt" <estartu@augusta.de>
Cc: freebsd-questions@freebsd.org
Subject: Re: nss_ldap and openldap on the same server.
Message-ID: <ba5e78ea0703121558r531dc56dmb42a186364414624@mail.gmail.com>
In-Reply-To: <20070312141915.GA1842@augusta.de>
References: <20070312141915.GA1842@augusta.de>
On 3/12/07, Gerhard Schmidt <estartu@augusta.de> wrote:
>
> Hi,
>
> I have a small problem. On my central server we run an openldap server
> that contains the userdata for some systems. And the server uses this ldap
> server for authentication and nss. The problem is that when the server is
> booting slapd takes a very long time to start up. I think it's trying to
> get an answer from ldap for the user ldap. But user ldap is in /etc/passwd
> and in /etc/groups
>
> My nsswitch.conf looks like this.
>
> group: files ldap
> hosts: files dns
> networks: files
> passwd: files ldap
> shells: files
>
> The system comes up but takes very long to do so (I think it's some kind of
> timeout)
> Mar 12 14:58:23 phobos slapd[584]: nss_ldap: could not search LDAP server - Server is unavailable
>
> As I see it, nss asks all sources even if the first one already knows the
> answer. Is there a way to change this?
>

I've run into this very same problem... but the way I got around it was
putting OpenLDAP in a jail all by its lonesome and making sure that jail
would start before anything on the host system would start that may need
LDAP... (effectively meaning the LDAP server is a different "machine")