From owner-freebsd-stable@FreeBSD.ORG  Fri Sep  8 21:31:27 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6D68816A403
	for <freebsd-stable@freebsd.org>; Fri,  8 Sep 2006 21:31:27 +0000 (UTC)
	(envelope-from freebsd-stable@m.gmane.org)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AF85A43D45
	for <freebsd-stable@freebsd.org>; Fri,  8 Sep 2006 21:31:22 +0000 (GMT)
	(envelope-from freebsd-stable@m.gmane.org)
Received: from list by ciao.gmane.org with local (Exim 4.43)
	id 1GLnwS-00071m-LR
	for freebsd-stable@freebsd.org; Fri, 08 Sep 2006 23:31:16 +0200
Received: from cmung2781.cmu.carnet.hr ([193.198.138.241])
	by main.gmane.org with esmtp (Gmexim 0.1 (Debian))
	id 1AlnuQ-0007hv-00
	for <freebsd-stable@freebsd.org>; Fri, 08 Sep 2006 23:31:16 +0200
Received: from ivoras by cmung2781.cmu.carnet.hr with local (Gmexim 0.1
	(Debian)) id 1AlnuQ-0007hv-00
	for <freebsd-stable@freebsd.org>; Fri, 08 Sep 2006 23:31:16 +0200
X-Injected-Via-Gmane: http://gmane.org/
To: freebsd-stable@freebsd.org
From: Ivan Voras <ivoras@fer.hr>
Date: Fri, 08 Sep 2006 23:31:04 +0200
Lines: 22
Message-ID: <edsnen$7t9$1@sea.gmane.org>
References: <Pine.LNX.4.61.0609081031300.8744@baez.ucsf.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
X-Complaints-To: usenet@sea.gmane.org
X-Gmane-NNTP-Posting-Host: cmung2781.cmu.carnet.hr
User-Agent: Thunderbird 1.5.0.5 (Windows/20060719)
In-Reply-To: <Pine.LNX.4.61.0609081031300.8744@baez.ucsf.edu>
Sender: news <news@sea.gmane.org>
Subject: Re: openldap/pam/nss issues on 6.1
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Sep 2006 21:31:27 -0000

Dirk Kleinhesselink wrote:

>    this immediately gives me the result.  It is something with the
>    pam or nss that is insisting on doing the port 389 first.

Have you edited the right configuration files? There are
/usr/local/etc/openldap/ldap.conf, /usr/local/etc/ldap.conf and
/usr/local/etc/nss_ldap.conf. I had trouble with ldaps until I provided
the whole certificate chain on the client side.

> 3) My freebsd client sshd when configured for ldap does signal 11
>    crashes.  My freebsd server has no problem with sshd and ldap.
>    If I turn off ldap and use NIS on the client, it works great.

Same here, but resolved after reinstalling everything. My guess is that
I've done something wrong when updating openldap-client to newest
version, including problems with compat libraries.

> Any help with these ?  I can deal with the slow startup, that's
> relatively minor, but 2 and 3 are more problematic for me.

The slow startup is really annoying.