nsswitch and unavailable backends

Eugene M. Zheganin emz at norma.perm.ru
Mon Mar 5 12:07:33 UTC 2012


Hi.

I'm trying to set up LDAP user authentication. I use net/nss_ldap and 
security/pam_ldap ports to do this.
I'm doing this following the article from the documentation set. Though 
it's not that complete and misses some very important stuff, I've 
actually set up the LDAP installations and my users are able to 
successfully authenticate and log in on my servers.

Then I ran into some serious issue. :) When the LDAP server is 
off/unavailable, users cannot log in - I mean, even the local users.

nsswitch.conf:

group: files ldap
hosts: files dns
networks: files
passwd: files ldap
shells: files
services: files
protocols: files
rpc: files

If I remove ldap - all is fine, of course, besides the fact that this 
breaks the LDAP authentication.
I've read the nsswitch manual and saw that I can handle the unavailable 
LDAP server with some action flags, but the default action is 'continue' 
already. I also tried the [notfound=return unavail=return 
tryagain=return] mantra (it's harmless to try since it's the last 
backup) but this didn't work either.

sshd crashes with signal 11, crond does the same. Sad.

On a machine running LDAP server the situation is even funnier: the LDAP 
server, even having a local account to work under, still tries to query 
itself on start, making the startup impossible.

Can this situation be solved?
Right now I remove 'ldap' backend, start the slapd, add ldap backends 
again and so on.

Thanks.
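The post quotes an nsswitch.conf and wonders why action flags on the ldap source make no difference. The following simulator is an added example (not part of the mailing-list post, and not nss_ldap code) of the lookup-order semantics from nsswitch.conf(5): each source reports success, notfound, unavail or tryagain, and the action configured for that status (by default return on success, continue otherwise) decides whether the next source is consulted. The backend results are constructed dictionaries rather than real lookups, and the variant configuration with [notfound=return unavail=return tryagain=return] is assumed from the poster's description. It shows that for a user present in files, a passwd lookup stops at files and never touches ldap whatever the action list says, while merged group-membership lookups in the style of initgroups consult every listed source, including ldap, even for a local user.

```python
"""nsswitch.conf lookup-order simulator (added example, not from the post).

Walks a database's source list with the status/action semantics described in
nsswitch.conf(5). Backend statuses are constructed inputs, not real lookups.
"""
import re

# Default action table: stop on success, keep going on any other status.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

# A source name optionally followed by an action list, e.g.  ldap [unavail=return]
_SOURCE_RE = re.compile(r"(\w+)(?:\s*\[([^\]]*)\])?")


def parse_nsswitch(text):
    """Parse nsswitch.conf text into {database: [(source, actions), ...]}."""
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        sources = []
        for source, flags in _SOURCE_RE.findall(rest):
            actions = dict(DEFAULT_ACTIONS)
            for flag in flags.split():          # e.g. "unavail=return"
                status, action = flag.lower().split("=", 1)
                actions[status] = action
            sources.append((source, actions))
        databases[name.strip()] = sources
    return databases


def resolve(sources, backend_status):
    """Single-entry lookup (getpwnam style): stop at the first 'return' action.

    backend_status maps source name -> status that backend reports for the key.
    Returns (final_status, [sources actually consulted]).
    """
    consulted, final = [], "notfound"
    for source, actions in sources:
        final = backend_status.get(source, "unavail")
        consulted.append(source)
        if actions[final] == "return":
            break
    return final, consulted


def membership_sources(sources, backend_status):
    """Merged lookup (initgroups/getgrouplist style): every source is consulted
    so a user's groups from all backends can be combined, regardless of actions."""
    return [(s, backend_status.get(s, "unavail")) for s, _ in sources]


# The databases relevant to the post, as quoted in it.
POSTED_CONF = """\
group: files ldap
hosts: files dns
passwd: files ldap
"""

# Hypothetical variant with the action list the poster describes trying.
WITH_RETURN_CONF = POSTED_CONF.replace(
    "passwd: files ldap",
    "passwd: files ldap [notfound=return unavail=return tryagain=return]")


def lookup_paths(conf_text, ldap_up):
    """Which sources a passwd lookup touches for a local and an LDAP-only user."""
    db = parse_nsswitch(conf_text)["passwd"]
    ldap = "success" if ldap_up else "unavail"
    local = resolve(db, {"files": "success", "ldap": ldap})   # user in /etc/passwd
    remote = resolve(db, {"files": "notfound", "ldap": ldap})  # user only in LDAP
    return {"local_user": local, "ldap_user": remote}


if __name__ == "__main__":
    for label, conf in (("posted", POSTED_CONF), ("unavail=return", WITH_RETURN_CONF)):
        print(label, "LDAP down:", lookup_paths(conf, ldap_up=False))
    groups = parse_nsswitch(POSTED_CONF)["group"]
    print("group membership consults:", membership_sources(groups, {"files": "success"}))
```

Run with the LDAP backend marked unavailable and the local user's passwd lookup reports success after consulting only files under both configurations; only the LDAP-only user ever reaches the ldap source. The action flags therefore change nothing for local accounts on the passwd path, which is the case the post describes as failing; the group database, where a merged membership lookup does reach ldap for local users as well, is where a blocked or faulty backend can still affect them.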

