Date: Tue, 24 Jan 2006 23:57:28 +0100 From: Dominique Goncalves <dominique.goncalves@gmail.com> To: "David F. Severski" <davidski@deadheaven.com> Cc: freebsd-stable@freebsd.org Subject: Re: Using [Open]LDAP for authentication Message-ID: <7daacbbe0601241457t2850a374xd7926556a86a91e1@mail.gmail.com> In-Reply-To: <7daacbbe0601241448o67680fedu5521d0aa5f3b42a0@mail.gmail.com> References: <200601201130.18872.doconnor@gsoft.com.au> <7daacbbe0601192341p32673972j8f309dff1df543aa@mail.gmail.com> <20060120154215.GA54284@dan.emsphone.com> <7daacbbe0601201008m7c650f4esedcd81921d0fd81e@mail.gmail.com> <20060120200149.GB54284@dan.emsphone.com> <20060124205621.GU69091@geoff.deadheaven.com> <7daacbbe0601241448o67680fedu5521d0aa5f3b42a0@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 1/24/06, Dominique Goncalves <dominique.goncalves@gmail.com> wrote: > On 1/24/06, David F. Severski <davidski@deadheaven.com> wrote: > > On Fri, Jan 20, 2006 at 02:01:49PM -0600, Dan Nelson wrote: > > > Two, something is calling nanosleep. It's probably nss_ldap, which > > > looks like if it can't contact any of the configured ldap servers, > > > waits 4 seconds, then retries, doubling the wait period every time > > > until 64 seconds have elapsed, then it fails. Try putting > > > > > > nss_reconnect_tries 0 > > > nss_reconnect_maxconntries 0 > > > > > > in your /usr/local/etc/nss_ldap.conf file. > > > > I've been struggling with similar issues where slapd seems to hang at > > startup when using nss_ldap on the local system (all system accounts an= d > > groups are local, yet the group enumeration seems to cause the hang). > > Are these two settings documented anywhere for reference? I'm trying t= o > > understand how this interact with 'bind_policy soft', which I've also > > seen recommended. The nss_* settings don't seem documented in the stoc= k > > nss_ldap.conf.sample file. > > After some tests, using nss_ldap-1.389 instead of nss_ldap-1.444 seems > to solve hangs at startup and when slapd is down. > > Can you try nss_ldap-1.389 thanks to portdowngrade if these hangs are > still here ? Sorry, I mean nss_ldap-1.239 and nss_ldap-1.244. > > > Thanks for the help. > > > > David > > > > > > > > Regards. > > -- > There's this old saying: "Give a man a fish, feed him for a day. Teach > a man to fish, feed him for life." > -- There's this old saying: "Give a man a fish, feed him for a day. Teach a man to fish, feed him for life."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7daacbbe0601241457t2850a374xd7926556a86a91e1>