From owner-freebsd-questions@FreeBSD.ORG  Tue Mar 13 08:10:11 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52])
	by hub.freebsd.org (Postfix) with ESMTP id 462D216A400
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Mar 2007 08:10:11 +0000 (UTC)
	(envelope-from pietro.cerutti@gmail.com)
Received: from an-out-0708.google.com (an-out-0708.google.com [209.85.132.251])
	by mx1.freebsd.org (Postfix) with ESMTP id 0A2B113C457
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Mar 2007 08:10:10 +0000 (UTC)
	(envelope-from pietro.cerutti@gmail.com)
Received: by an-out-0708.google.com with SMTP id c24so1635346ana
	for <freebsd-questions@freebsd.org>;
	Tue, 13 Mar 2007 01:10:10 -0700 (PDT)
DKIM-Signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta;
	h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=bbqhljmjMlPL3ufAKDCNKV6+0c7vd95nzKFsPpj1E2tGB4HgwJG/sQWjTc5hNUSFjNjm1pzpbVcBhyJ+MRhV8UTpdUUmPfAQ9wCxyPJuUE6zGp3zKBiDfrLKZ0pGyfAh78JLIKvOm1utWIj063slXgxLjLN7hmMJCJakB1oQqv4=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta;
	h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references;
	b=M3S2pe1N/Nrow/GjE/r19HQAUBLPw9pdXSWn61lS/v35ZZQ/xgexxPLgkHmZtsLLk+tTG52bjxd1SM6GDtIrAs6npvVZR/S8waQoJ810LgY8/HVBei8g0AI8rqMwm7mI0sSuYYuHYK/gGImFfv7ZHX9aqDr7PSJjSMJY8EpDXNg=
Received: by 10.100.144.11 with SMTP id r11mr484252and.1173773410382;
	Tue, 13 Mar 2007 01:10:10 -0700 (PDT)
Received: by 10.100.111.5 with HTTP; Tue, 13 Mar 2007 01:10:10 -0700 (PDT)
Message-ID: <e572718c0703130110r5ac12e17l4b47c27d2d736ad0@mail.gmail.com>
Date: Tue, 13 Mar 2007 09:10:10 +0100
From: "Pietro Cerutti" <pietro.cerutti@gmail.com>
To: "Jonathan McKeown" <jonathan@hst.org.za>, 
	"Gerhard Schmidt" <estartu@augusta.de>, 
	"FreeBSD Users Questions" <freebsd-questions@freebsd.org>
In-Reply-To: <200703131001.10355.jonathan@hst.org.za>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
References: <20070312141915.GA1842@augusta.de>
	<e572718c0703121607n57d1c28co915638069262042a@mail.gmail.com>
	<20070313071641.GA18856@augusta.de>
	<200703131001.10355.jonathan@hst.org.za>
Cc: 
Subject: Re: nss_ldap and openldap on the same server.
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Mar 2007 08:10:11 -0000

On 3/13/07, Jonathan McKeown <jonathan@hst.org.za> wrote:
>
> The only ``workaround'' I've seen suggested is the parameter introduced
> recently in nss_ldap:
>
> nss_initgroups_ignoreusers

Right, now I remember that once I had this problem too...
Another workaround would be to have two different nsswitch.conf files,
one with and another without the ldap database entry, and then switch
between them as part of ldap start / stop routines.

- your system has the nsswitch.conf w/out ldap by default
- when ldap starts, it substitutes it with the nsswitch.ch file w/ ldap entries
- when ldap stops, it restores the original file

> Jonathan


-- 
Pietro Cerutti

- ASCII Ribbon Campaign -
 against HTML e-mail and
 proprietary attachments
   www.asciiribbon.org