Dear friends,
I am facing a unique problem in OpenLDAP 2.3.43 on RHEL 5.2. If I specify ldap in /etc/nsswitch.conf like
passwd files ldap
shadow files ldap
group files ldap
and then start my ldap server, it takes a lot of time to start the ldap server.
If I remove ldap from /etc/nsswitch.conf, it starts immediately.
Can anyone suggest any solution for this problem?
Thanks
* vishesh kumar linuxtovishesh@gmail.com [2009-11-25 10:25:07 +0530]:
> Dear friends,
> I am facing a unique problem in OpenLDAP 2.3.43 on RHEL 5.2. If I specify ldap in /etc/nsswitch.conf like
> passwd files ldap
> shadow files ldap
> group files ldap
> and then start my ldap server, it takes a lot of time to start the ldap server.
> If I remove ldap from /etc/nsswitch.conf, it starts immediately.
It is trying to resolve the ldap user through ldap when ldap is starting. I don't know how to do it the right way; I edit the slapd start scripts, which remove the ldap record from nsswitch.conf before start and add it back after start.
Another way is to make a soft bind in nss_ldap (it's in FreeBSD).
> Can anyone suggest any solution for this problem?
> Thanks
Thanks, putting the following entries in /etc/nsswitch.conf did my job:
nss_reconnect_tries 3
nss_initgroups_ignoreusers root,ldap,named,haldaemon,radiusd,linux_admin
Thanks
On 11/25/09, alexs@ulgsm.ru alexs@ulgsm.ru wrote:
> * vishesh kumar linuxtovishesh@gmail.com [2009-11-25 10:25:07 +0530]:
> > Dear friends,
> > I am facing a unique problem in OpenLDAP 2.3.43 on RHEL 5.2. If I specify ldap in /etc/nsswitch.conf like
> > passwd files ldap
> > shadow files ldap
> > group files ldap
> > and then start my ldap server, it takes a lot of time to start the ldap server.
> > If I remove ldap from /etc/nsswitch.conf, it starts immediately.
> It is trying to resolve the ldap user through ldap when ldap is starting. I don't know how to do it the right way; I edit the slapd start scripts, which remove the ldap record from nsswitch.conf before start and add it back after start.
> Another way is to make a soft bind in nss_ldap (it's in FreeBSD).
> > Can anyone suggest any solution for this problem?
> > Thanks
> --
> Email: alexs@ulgsm.ru
> Email/Jabber: alexs@ulgsm.ru
On Wednesday, 25 November 2009 05:55:07 vishesh kumar wrote:
> Dear friends,
> I am facing a unique problem in OpenLDAP 2.3.43 on RHEL 5.2. If I specify ldap in /etc/nsswitch.conf like
> passwd files ldap
> shadow files ldap
> group files ldap
> and then start my ldap server, it takes a lot of time to start the ldap server.
> If I remove ldap from /etc/nsswitch.conf, it starts immediately.
> Can anyone suggest any solution for this problem?
Easiest workaround is:
echo "bind_policy soft" >> /etc/ldap.conf
(Note, this is an nss_ldap issue, and delays during startup of a machine can be seen in the case where OpenLDAP is not running locally)
This occurs because, on boot, the server is checking all users for all groups, and this takes about a day (depending on your config). Another workaround, the one I opted for, is using 'nss_initgroups_ignoreusers' in /etc/ldap.conf. At a minimum, you'll need 'root' in the list.
# work-around for the nsswitch group issue
nss_reconnect_tries 3
nss_initgroups_ignoreusers root,ldap,named,haldaemon,radiusd,linux_admin
Thanks,
Joe
----------------------------------------
From: bgmilne@staff.telkomsa.net
To: openldap-technical@openldap.org
Subject: Re: /etc/nsswitch cause delay in start
Date: Wed, 25 Nov 2009 08:34:33 +0100
CC: linuxtovishesh@gmail.com
On Wednesday, 25 November 2009 05:55:07 vishesh kumar wrote:
> Dear friends,
> I am facing a unique problem in OpenLDAP 2.3.43 on RHEL 5.2. If I specify ldap in /etc/nsswitch.conf like
> passwd files ldap
> shadow files ldap
> group files ldap
> and then start my ldap server, it takes a lot of time to start the ldap server.
> If I remove ldap from /etc/nsswitch.conf, it starts immediately.
> Can anyone suggest any solution for this problem?
Easiest workaround is:
echo "bind_policy soft" >> /etc/ldap.conf
(Note, this is an nss_ldap issue, and delays during startup of a machine can be seen in the case where OpenLDAP is not running locally)
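An added example, not part of any message in this thread: a shell check that reads nsswitch.conf and the nss_ldap ldap.conf and reports which of the two workarounds suggested above (bind_policy soft, nss_initgroups_ignoreusers) are missing. The function names, the default user list (root, ldap) and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report whether the nss_ldap settings
# discussed above are in place. File formats follow nsswitch.conf / ldap.conf.

# uses_ldap FILE DB: succeed if DB's nsswitch.conf line lists the ldap source.
uses_ldap() {
    awk -v db="$2" '
        { key = $1; sub(/:$/, "", key) }   # "group:" -> "group"
        key == db { for (i = 2; i <= NF; i++) if ($i == "ldap") hit = 1 }
        END { exit hit ? 0 : 1 }' "$1"
}

# conf_value FILE KEY: print the last value set for KEY in ldap.conf.
conf_value() {
    awk -v k="$2" 'tolower($1) == k { v = $2 } END { print v }' "$1"
}

# audit NSSWITCH LDAPCONF [USER...]: print one finding per line.
# USER defaults to root and ldap (assumed account that slapd runs as).
audit() {
    nss=$1; conf=$2; shift 2
    [ $# -gt 0 ] || set -- root ldap
    # Nothing to report when neither group nor passwd is served from LDAP.
    uses_ldap "$nss" group || uses_ldap "$nss" passwd || return 0
    [ "$(conf_value "$conf" bind_policy)" = "soft" ] ||
        echo "bind_policy is not soft"
    ignored=",$(conf_value "$conf" nss_initgroups_ignoreusers),"
    for u in "$@"; do
        case $ignored in
            *",$u,"*) ;;
            *) echo "nss_initgroups_ignoreusers lacks $u" ;;
        esac
    done
    return 0
}

# Constructed sample files; on a real host pass /etc/nsswitch.conf /etc/ldap.conf.
demo() {
    d=$(mktemp -d)
    printf 'passwd: files ldap\ngroup: files ldap\n' > "$d/nsswitch.conf"
    printf '# constructed\nnss_initgroups_ignoreusers root,named\n' > "$d/ldap.conf"
    audit "$d/nsswitch.conf" "$d/ldap.conf"
    rm -rf "$d"
}
demo
```

An empty result means both workarounds are present, or that LDAP is not consulted for passwd or group at all.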