[Working fix] Problems combining nss_ldap/pam_ldap with
pam_mkhomedir in FreeBSD 7.0
db at danielbond.org
Wed Mar 19 04:48:29 PDT 2008
-----BEGIN PGP SIGNED MESSAGE-----
Dmitriy Kirhlarov wrote:
| Daniel Bond wrote:
|> I'm pretty sure my ldap.conf and nsswitch.conf are OK, but here they are
|> /usr/local/etc/nss_ldap.conf -> openldap/ldap.conf
|> /usr/local/etc/ldap.conf -> openldap/ldap.conf
| I'm not sure is it correct.
| etc/ldap.conf and etc/openldap/ldap.conf -- different files for
| different purposes.
| etc/nss_ldap.conf -> etc/ldap.conf -- it's correct.
The ldap.conf file is only used for nss_ldap and pam_ldap, so I don't
suppose it really matters where the config-file resides.
|> port 389
|> ldap_version 3
|> bind_policy soft
| Try replace to
| bind_policy hard
| Developers doesn't like "soft". I don't know why, but it periodically
| it's broken in new versions nss_ldap (2 time for last 3 years AFAIR).
| I'm not sure about current status. It must be tested.
You are absolutely correct, when I change *bind_policy* to *hard*, the
problem goes away, nss_ldap stops whining about contacting server in
/var/log/auth.log. SSH with pubkey-exchange or password authentication
also works with bind_policy hard.
Allthough it would be nice to have "bind_policy soft" working properly
(I'm still interested in fixing this if I can manage to track it down),
this is a sollution I'm quite happy with, and seems to work well. Thanks!
| Also try
| echo "debug 9" >> /usr/local/etc/ldap.conf
| For details see
| slapd.conf(5) about loglevel
| freebsd-stable at freebsd.org mailing list
| To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
Cheers and happy easter,
Network Solutions Norway.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
More information about the freebsd-stable