nsswitch.conf with ldap

[Dan Nelson]

In the last episode (May 08), Atom Powers said:
> On 5/8/06, Z.C.B. <vvelox at vvelox.net> wrote:
> >> I don't know if it will help your problem, I'm struggling through
> >> my own pam/nss/ldap issues, but it is a part of the picture.
> >
> >I am curious. Do you run into problems with SSH and xterm, but
> >everything else works? That is what I am currently hitting.
> >
> >initgroups(kitsune,1001): Invalid argument

man initgroups:

    ERRORS
        The initgroups() function may fail and set errno for any of the
        errors specified for the library function setgroups(2).

man setgroups:

    [EINVAL] The number specified in the ngroups argument is larger
             than the NGROUPS limit.

Either get out of some groups, or raise NGROUPS (this may affect NFS
though).

> > Is what it is kicking into /var/log/messages. That is right after I
> > authenticate.
> 
> No, my problem is with local login when the LDAP server is
> unavailable. It hangs for about two minutes before logging in. I
> think I've tracked this down to an nss timeout somewhere.

Newer version of nss_ldap have timeout veriables to adjust this, but
your best solution would be to set up another ldap server and put them
both in your ldap.conf so you'll never be without one.

-- 
	Dan Nelson
	dnelson at allantgroup.com