conflicts between slapd and nsswitch (SSL not working)

Oliver Eikemeier eikemeier at
Tue Apr 27 13:20:08 UTC 2004

Francesco Gringoli wrote:

> Packages: openldap2(0,1)-server, nss-ldap
> Hi all,
> If slapd is configured to run as a user different than root (default 
> config)
> and nsswitch is configured to search first in files and then in ldap and
> the ldap server specified for nsswitch is different then this,
> when slapd starts its SSL engine seems down:
> although slapd binds on port 636, traffic on this
> port is not SSL (try with openssl s_client and see
> that no certificate is returned during the handshake,
> really there is no handshake at all).
> Note: slapd start normally as the user specified in slapd.conf,
> it is possible to do search inside the ldap db,
> nss-ldap is ok and userid and gid are those defined in the ldap db,
> the SSL engine is off.
> Note: if the ldap server specified for nsswitch is the same a time-out
> occur, since the slapd calls getpwnam and the ldap module
> cannot obtain anything. In this case the SSL engine is OK.

What do you mean with `different' and `same' specified server?

Also, some more iforemation would be useful, like
  uname -a
  ldd /usr/local/libexec/slapd
  ps auxwww | grep slapd
  cat /usr/local/etc/openldap/slapd.conf
  cat /usr/local/etc/nss_ldap.conf


More information about the freebsd-ports-bugs mailing list