Using [Open]LDAP for authentication
David F. Severski
davidski at deadheaven.com
Tue Jan 24 12:56:00 PST 2006
On Fri, Jan 20, 2006 at 02:01:49PM -0600, Dan Nelson wrote:
> Two, something is calling nanosleep. It's probably nss_ldap, which
> looks like if it can't contact any of the configured ldap servers,
> waits 4 seconds, then retries, doubling the wait period every time
> until 64 seconds have elapsed, then it fails. Try putting
>
> nss_reconnect_tries 0
> nss_reconnect_maxconntries 0
>
> in your /usr/local/etc/nss_ldap.conf file.
I've been struggling with similar issues where slapd seems to hang at
startup when using nss_ldap on the local system (all system accounts and
groups are local, yet the group enumeration seems to cause the hang).
Are these two settings documented anywhere for reference? I'm trying to
understand how this interact with 'bind_policy soft', which I've also
seen recommended. The nss_* settings don't seem documented in the stock
nss_ldap.conf.sample file.
Thanks for the help.
David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 163 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20060124/0f6502d4/attachment.bin
More information about the freebsd-stable
mailing list