This occurs because, on boot, the server it checking all users for all groups, and this
takes about a day (depending of your config). Another work-around, the one I opted for,
is using the 'nss_initgroups_ignoreusers' in /etc/ldap.conf. At a minimum,
you'll need 'root' in the list.
# work-around for the nsswitch group issue
Subject: Re: /etc/nsswitch cause delay in start
Date: Wed, 25 Nov 2009 08:34:33 +0100
On Wednesday, 25 November 2009 05:55:07 vishesh kumar wrote:
> Dear friends
> I am facing a unique problem in openldap 2.3.43 on rhel 5. 2. If i specify
> ldap in /etc/nsswitch.conf like
> passwd files ldap
> shadow files ldap
> group files ldap
> And then start my ldap server, it takes lots of time to start ldap server.
> If i remove ldap from /etc/nsswitch.conf , it start immediately.
> Can anyone suggest be any solution for this problem.
Easiest workaround is:
echo "bind_policy soft">> /etc/ldap.conf
(Note, this is an nss_ldap issue, and delays during startup of a machine can
be seen in the case where OpenLDAP is not running locally)
Hotmail: Trusted email with Microsoft's powerful SPAM protection.