Careful with bind9 and ldap

Sean McNeil sean at mcneil.com
Wed Sep 29 22:00:47 PDT 2004


My system has openldap set up with nsswitch.conf having group looking in
"files ldap".  This can cause a lockup with named if you try to
restart it after openldap is up and running and if your hostname isn't
in /etc/hosts but served up by named.  It is along the same lines as the
long pause attempting to start openldap.

What is happening is that initgroups is being called by these programs. 
This will cause, for my setup, all groups in files (i.e. /etc/group) and
in ldap to be read.  When starting ldap it causes it to loop back on
itself and wait for a timeout.  When restarting named it causes a lookup
of the hostname.  If the hostname isn't available in files then it
checks dns.  This causes the lockup.

The solution for me was to place my hostname in /etc/hosts.  No more
lockups.

Cheers,
Sean
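
A check for the configuration described in this message, as an added example that is not part of the original post. The function names are hypothetical, and it assumes the `hosts` database consults files before dns, so that an /etc/hosts entry is what breaks the loop.

```shell
#!/bin/sh
# Added example: flag the named/ldap bootstrap loop described above.
# Usage: sh check.sh /etc/nsswitch.conf /etc/hosts "$(hostname)"

# Print the sources configured for one nsswitch database (e.g. " files ldap").
nss_sources() {  # $1 = nsswitch.conf path, $2 = database name
    sed -e 's/#.*//' "$1" |
        awk -v db="$2:" '$1 == db { $1 = ""; print; exit }'
}

# Succeed if the hostname appears as a name or alias in a hosts file.
host_in_file() {  # $1 = hosts file path, $2 = hostname
    sed -e 's/#.*//' "$1" | awk -v h="$2" '
        { for (i = 2; i <= NF; i++) if (tolower($i) == tolower(h)) found = 1 }
        END { exit (found ? 0 : 1) }'
}

# Return 0 when the setup is safe, 1 when a named restart can block.
check_bootstrap_loop() {  # $1 = nsswitch.conf, $2 = hosts file, $3 = hostname
    nss=$1 hosts=$2 name=$3
    # initgroups only reaches ldap if the group database lists it.
    case " $(nss_sources "$nss" group) " in
        *" ldap "*) ;;
        *) echo "ok: group does not consult ldap"; return 0 ;;
    esac
    # With ldap in play, the hostname must resolve without asking named.
    if host_in_file "$hosts" "$name"; then
        echo "ok: $name is listed in $hosts"
        return 0
    fi
    echo "at risk: group uses ldap and $name is not in $hosts"
    return 1
}

# Run only when all three arguments are given on the command line.
if [ "$#" -eq 3 ]; then
    check_bootstrap_loop "$@"
fi
```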
