Date:      Fri, 9 Jun 2006 21:14:10 -0400
From:      "Ansar Mohammed" <>
To:        "'Joe Shevland'" <>, "'FreeBSD Questions Mailing List'" <>
Subject:   RE: nss_ldap and OpenLDAP client version
Message-ID:  <000001c68c2b$2f178230$>
In-Reply-To: <>

One of the more "undocumented" things here is to make sure that in your
/usr/local/etc/nss_ldap.conf your bind_policy is soft.

If not, you will have no end of problems if your ldap server goes down.

Basically if you have in your nsswitch.conf:

passwd: files ldap
group: files ldap

If your ldap server is down, nss_ldap keeps trying to reconnect and a lot of
apps just hang (like top, ls -la etc).

> -----Original Message-----
> From: [mailto:owner-freebsd-
>] On Behalf Of Joe Shevland
> Sent: May 25, 2006 3:33 AM
> To:
> Subject: nss_ldap and OpenLDAP client version
> Hi,
> I'm about to set up my jails so they authenticate against the 'host'
> server using OpenLDAP and nss_ldap, pam_ldap and so on. I've done this
> before but wanted to repeat the process because last time it ended up
> being so much fiddling that when I finished I just left it alone - this
> time I'm documenting it :) I packaged up versions of the port for
> OpenLDAP 2.3 (well, actually 2.4 but that looks to just use 2.3 in any
> case) and then went to package up the nss_ldap port but it's after
> OpenLDAP 2.2 stuff... I guess my question is whether this is intentional
> (i.e. security related), or just a port maintenance issue? I would've
> thought between 2.2->2.3 there's been a few security advisories... I
> only did a lazy lightning google and came across a few
> ( is perhaps one.
> Anyway, just thought I'd check. As punishment, if this is a stupid
> question or has been answered before, happy to write up a tutorial as I
> go as penance.
> Cheers
> Joe
> _______________________________________________
> mailing list
> To unsubscribe, send any mail to "freebsd-questions-
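
The check described in the reply above, as an added example that is not part of the original thread: it reads nsswitch.conf and nss_ldap.conf text and reports every database that lists ldap while bind_policy is not soft. The sample file contents, the host ldap.example.org and the function names are constructed for illustration; an absent bind_policy is reported as a finding because the advice is to set it explicitly.

```python
import re

# Constructed sample files (not from the original message).
NSSWITCH = """\
passwd: files ldap
group: files ldap
hosts: files dns   # no ldap here
"""
NSS_LDAP_UNSET = "uri ldap://ldap.example.org/\nbase dc=example,dc=org\n"
NSS_LDAP_SOFT = NSS_LDAP_UNSET + "# fail fast when the server is down\nbind_policy soft\n"

def ldap_databases(nsswitch_text):
    """Return the nsswitch.conf databases that list 'ldap' as a source."""
    dbs = []
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, sources = line.split(":", 1)
        # Drop [STATUS=action] criteria so only source names remain.
        names = re.sub(r"\[[^\]]*\]", " ", sources).split()
        if "ldap" in names:
            dbs.append(db.strip())
    return dbs

def bind_policy(nss_ldap_text):
    """Return the bind_policy value, or None if the keyword is absent.
    Assumptions: keywords are matched case-insensitively and the last
    occurrence wins."""
    value = None
    for line in nss_ldap_text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0].lower() == "bind_policy":
            value = fields[1].lower()
    return value

def audit(nsswitch_text, nss_ldap_text):
    """Return one finding per LDAP-backed database when bind_policy is not soft."""
    policy = bind_policy(nss_ldap_text)
    if policy == "soft":
        return []
    state = "unset" if policy is None else repr(policy)
    return [f"{db}: uses ldap but bind_policy is {state}, lookups can hang "
            "while the LDAP server is down" for db in ldap_databases(nsswitch_text)]

if __name__ == "__main__":
    for label, conf in (("unset", NSS_LDAP_UNSET), ("soft", NSS_LDAP_SOFT)):
        print(label, audit(NSSWITCH, conf) or "OK")
```

On a real host, pass in the contents of /etc/nsswitch.conf and /usr/local/etc/nss_ldap.conf instead of the sample strings.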
