Using [Open]LDAP for authentication
Daniel O'Connor
doconnor at gsoft.com.au
Thu Jan 19 17:00:30 PST 2006
Hi,
I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap
(and samba). I use the RCORDER port option so it put the startup file
in /etc/rc.d.
In 5.4 this worked fine - it started up correctly and in the right place.
However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I
accidentally told it to delete the rc.d file (doh..). I then upgraded to a
slightly later version of openldap (a newer version of openldap23-server).
The problem now is that OpenLDAP appears to start very late. Since lots of
things need to do nss_ldap lookups, it means bootup is very glacial as they
time out.
In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the SERVERS
requirement out of /etc/rc.d/slapd.
I wonder if there should be another dummy rc.d file which marks where services
that supply passwd/group/etc information are available and then SERVERS can
depend on that (because a lot of servers need to be able to change to another
user ID after starting).
Then again maybe my nsswitch.conf is broken as I have..
group: ldap files
hosts: files dns
networks: files
passwd: ldap files
shells: files
Maybe I should swap files and ldap around.. Hmm I'll try that and see :)
Even if that does fix it, I think it would be good to be able to run OpenLDAP
as early as practical.
--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
-- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
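
Added example, not part of the original message and not FreeBSD's own code: a small model of rcorder-style PROVIDE/REQUIRE/BEFORE resolution that checks whether the identity source (slapd) is ordered before the SERVERS barrier, for the layout described in the post, the workaround, and the proposed placeholder. The script headers are constructed for illustration, and the placeholder name USERDB is hypothetical.

```python
import re
from graphlib import TopologicalSorter

# Constructed rc.d headers (not copied from a real system).
# AS_POSTED: slapd waits for SERVERS, so it starts late.
AS_POSTED = {
    "NETWORKING": "# PROVIDE: NETWORKING\n",
    "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: NETWORKING\n",
    "slapd": "# PROVIDE: slapd\n# REQUIRE: NETWORKING SERVERS\n",
    "cron": "# PROVIDE: cron\n# REQUIRE: SERVERS\n",
}
# The post's workaround: SERVERS requires slapd, slapd no longer requires SERVERS.
WORKAROUND = dict(AS_POSTED,
                  SERVERS="# PROVIDE: SERVERS\n# REQUIRE: NETWORKING slapd\n",
                  slapd="# PROVIDE: slapd\n# REQUIRE: NETWORKING\n")
# The post's proposal: a dummy marker (hypothetical name USERDB) that SERVERS needs.
PLACEHOLDER = dict(WORKAROUND,
                   USERDB="# PROVIDE: USERDB\n# REQUIRE: NETWORKING\n",
                   SERVERS="# PROVIDE: SERVERS\n# REQUIRE: NETWORKING USERDB\n",
                   slapd="# PROVIDE: slapd\n# REQUIRE: NETWORKING\n# BEFORE: USERDB\n")

TAG = re.compile(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", re.M)

def parse(text):
    """Collect the ordering keywords from one script's header comments."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for key, value in TAG.findall(text):
        tags[key] += value.split()
    return tags

def boot_order(scripts):
    """Return script names in an order that satisfies every dependency."""
    parsed = {name: parse(text) for name, text in scripts.items()}
    provider = {p: name for name, t in parsed.items() for p in t["PROVIDE"]}
    graph = {name: set() for name in scripts}  # name -> scripts that run first
    for name, t in parsed.items():
        for req in t["REQUIRE"]:
            if req in provider:
                graph[name].add(provider[req])
        for later in t["BEFORE"]:
            if later in provider:
                graph[provider[later]].add(name)
    return list(TopologicalSorter(graph).static_order())  # raises on a cycle

def starts_late(scripts, source="slapd", barrier="SERVERS"):
    """True when the identity source is ordered after the barrier."""
    order = boot_order(scripts)
    return order.index(source) > order.index(barrier)
```

On a real system the equivalent check is to read the output of rcorder over the rc.d directories and confirm where slapd falls relative to SERVERS.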