Subject: [RESOLVED] Re: netbsd and openldap
To: None <netbsd-help@netbsd.org>
From: Christian Pinedo Zamalloa <christian.pinedo.zamalloa@gmail.com>
List: netbsd-help
Date: 12/20/2006 16:40:03
On Mon, Dec 18, 2006 at 12:54:35PM +0100, Christian Pinedo Zamalloa wrote:
> hi,
> 
> I'm a new NetBSD user (very new) with some experience in the GNU/Linux
> world. I have a NetBSD server running samba as a Backup Domain Controller
> and an OpenLDAP server as slave.
> 
> I installed nss-ldap from pkgsrc and configured the nsswitch.conf as
> follows:
> 
> group:          files ldap
> passwd:         files ldap
> hosts:          files dns
> netgroup:       files [notfound=return] nis
> networks:       files
> shells:         files
> 
> I also attach the /usr/pkg/etc/nss_ldap.conf file:
> 
> base dc=x,dc=y,dc=z
> debug = 255
> logdir = /var/log/nss_ldap
> uri ldapi://%2fvar%2fopenldap%2frun%2fldapi ldaps://zzz.x.y.z
> ldap_version 3
> binddn cn=unix,ou=admins,dc=x,dc=y,dc=z
> bindpw ********
> rootbinddn cn=admin,ou=admins,dc=x,dc=y,dc=z
> timelimit 10
> bind_timelimit 5
> bind_policy soft
> pam_password crypt
> nss_base_passwd         ou=users,dc=x,dc=y,dc=z?one
> nss_base_passwd         ou=machines,dc=x,dc=y,dc=z?one
> nss_base_group          ou=groups,dc=x,dc=y,dc=z?one
> ssl on
> tls_cacertfile /usr/pkg/etc/ssl-certificates/cacert.crt
> 
> The problem I have is that when I want to execute a command such as "ls -l",
> "id user", ... the system needs 17 seconds to respond if the user is an
> OpenLDAP user. If the user is defined in files the response is
> immediate. However, searches with the ldapsearch command are done well and
> quickly:
> 
> ldapsearch -H ldapi:///var/openldap/run/ldapi -D
> "cn=unix,ou=admins,dc=x,dc=y,dc=z" -W -b
> "ou=machines,dc=x,dc=y,dc=z" '(objectclass=*)'
> 
> The configuration used is similar to the configuration on a FreeBSD
> server and in this case works great. So I'm lost and I don't know where
> to find more.
> 
> Thanks,
> 

The configuration was fine; the error was "stupid": a bad resolv.conf
file where the first nameserver was bad, and so the timeouts were produced
by DNS resolutions. Thanks,

-- 
Christian Pinedo Zamalloa
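
Added example, not part of the original post: one way to confirm a diagnosis like the one above is to time a DNS query against each `nameserver` entry of resolv.conf in the order the resolver tries them. The sample file contents, the 192.0.2.x addresses, the query name and the function names are all constructed for illustration.

```python
import socket
import struct
import time

# Constructed sample; 192.0.2.0/24 is a documentation range, not a real resolver.
SAMPLE_RESOLV_CONF = """\
# constructed example
search x.y.z
nameserver 192.0.2.1
nameserver 192.0.2.53
"""

def parse_nameservers(text):
    """Return nameserver addresses in the order they appear in the file."""
    servers = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, qid=0x1234):
    """Minimal DNS query for an A record (flags 0x0100 = recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name="example.com", port=53, timeout=2.0):
    """Seconds until `server` answers over UDP, or None on timeout or error."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    query = build_query(name)
    with socket.socket(family, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        start = time.monotonic()
        try:
            s.sendto(query, (server, port))
            data, _ = s.recvfrom(512)
        except OSError:  # covers socket.timeout and unreachable errors
            return None
        # Accept the reply only if it carries the query's transaction ID.
        return time.monotonic() - start if data[:2] == query[:2] else None

if __name__ == "__main__":
    with open("/etc/resolv.conf") as f:
        for ns in parse_nameservers(f.read()):
            t = probe(ns)
            print(ns, "no answer" if t is None else f"{t * 1000:.0f} ms")
```

A first entry that reports "no answer" while later ones respond in milliseconds points at the resolver order rather than at the LDAP configuration.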