Re: nsswitch.conf with nss_ldap

To: Matthias Pfaller <leo%marco.de@localhost>
Subject: Re: nsswitch.conf with nss_ldap
From: Dima Veselov <i%kab00m.ru@localhost>
Date: Fri, 19 Feb 2010 23:53:52 +0300

On Fri, Feb 19, 2010 at 09:36:59PM +0100, Matthias Pfaller wrote:

>>> I have met a problem, concerning nss_ldap usage - OpenLDAP slapd is running
>>> in unpriveledged mode, so at start it try to resolve '-u slapd' and catch
>>> itself - nss_ldap is trying to resolve, but slapd isn't yet ready. If 
>>> nss_ldap
>>> is turned in hard mode - this situation cause server to stall forever.
>>> Having user slapd in /etc/passwd, I tried to use nsswitch.conf entry as 
>>> follows:
>>>
>>> passwd: files [success=return] ldap
>>>
>>> But it really doesn't work. What usually people do to start it easily on 
>>> files and continue on ldap?
>>>
>>
>> In general you can't use nss_ldap on the ldap server itself.
>>
>
> You can. But you have to add
>
>        group:          files [success=return] ldap
>        passwd:         files [success=return] ldap
>
> to your /etc/nsswitch.conf and you must add
>
>        nss_initgroups_ignoreusers slapd,root
>
> to your /etc/openldap/ldap.conf (/usr/pkg/etc/nss_ldap.conf,  
> /usr/pkg/etc/pam_ldap.conf).

Thanks for solution, but why adding [success=return] if adding ignoreusers? 
Just curious.

-- 
Sincerelly yours

Follow-Ups:
- Re: nsswitch.conf with nss_ldap
  - From: Matthias Pfaller

References:
- nsswitch.conf with nss_ldap
  - From: Dima Veselov
- Re: nsswitch.conf with nss_ldap
  - From: matthew sporleder
- Re: nsswitch.conf with nss_ldap
  - From: Matthias Pfaller

Prev by Date: Re: nsswitch.conf with nss_ldap
Next by Date: Re: /dev on tmpfs and MAKEDEV overwritten by ./build.sh
Previous by Thread: Re: nsswitch.conf with nss_ldap
Next by Thread: Re: nsswitch.conf with nss_ldap
Indexes:

Home | Main Index | Thread Index | Old Index