nss_ldap problem

David Magda dmagda at ee.ryerson.ca
Sat Mar 4 19:29:48 UTC 2006

On Mar 4, 2006, at 04:04, Frode Nordahl wrote:

>> /etc/nsswitch.conf
>> group: ldap files
>> hosts: files dns
>> networks: files
>> passwd: ldap files
>> shells: files
>> imap: ldap
> Why do you have "ldap" first? I would use "files ldap" in any case  
> so local changes can override the directory.

And if there's an issue with the network, things will slow down to a  
crawl when the system is waiting for the LDAP server to respond  
(which it won't, so you're waiting for the time out to occur).

Another scenario is when you boot up in single user mode: if you do  
an 'ls -l' the UIDs need to be looked up to display the usernames by  
default, so the passwd look up is performed, and since the network  
hasn't been brought up you're waiting for the timeout.

More information about the freebsd-stable mailing list