NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: nsswitch.conf with nss_ldap

On Fri, Feb 19, 2010 at 09:36:59PM +0100, Matthias Pfaller wrote:

>>> I have met a problem, concerning nss_ldap usage - OpenLDAP slapd is running
>>> in unpriveledged mode, so at start it try to resolve '-u slapd' and catch
>>> itself - nss_ldap is trying to resolve, but slapd isn't yet ready. If 
>>> nss_ldap
>>> is turned in hard mode - this situation cause server to stall forever.
>>> Having user slapd in /etc/passwd, I tried to use nsswitch.conf entry as 
>>> follows:
>>> passwd: files [success=return] ldap
>>> But it really doesn't work. What usually people do to start it easily on 
>>> files and continue on ldap?
>> In general you can't use nss_ldap on the ldap server itself.
> You can. But you have to add
>        group:          files [success=return] ldap
>        passwd:         files [success=return] ldap
> to your /etc/nsswitch.conf and you must add
>        nss_initgroups_ignoreusers slapd,root
> to your /etc/openldap/ldap.conf (/usr/pkg/etc/nss_ldap.conf,  
> /usr/pkg/etc/pam_ldap.conf).

Thanks for solution, but why adding [success=return] if adding ignoreusers? 
Just curious.

Sincerelly yours

Home | Main Index | Thread Index | Old Index