conflicts between slapd and nsswitch (SSL not working)

Francesco Gringoli francesco.gringoli at
Tue Apr 27 05:51:30 PDT 2004

Packages: openldap2(0,1)-server, nss-ldap

Hi all,

If slapd is configured to run as a user different than root (default 
and nsswitch is configured to search first in files and then in ldap and
the ldap server specified for nsswitch is different than this,
when slapd starts its SSL engine seems down:
although slapd binds on port 636, traffic on this
port is not SSL (try with openssl s_client and see
that no certificate is returned during the handshake,
really there is no handshake at all).
Note: slapd starts normally as the user specified in slapd.conf,
it is possible to do search inside the ldap db,
nss-ldap is ok and userid and gid are those defined in the ldap db,
the SSL engine is off.

Note: if the ldap server specified for nsswitch is the same, a time-out
occurs, since the slapd calls getpwnam and the ldap module
cannot obtain anything. In this case the SSL engine is OK.

