From: martin mccann
To: freebsd-questions@freebsd.org
Date: Thu, 20 Apr 2006 23:24:16 +0100
Subject: nss_ldap/pam_ldap: problems binding
Message-Id: <200604202324.17244.martin@orbweavers.co.uk>

Hi,

I've been trying to get my ldap authentication working, something I have done before with little issue, but this time around it is causing real pain. Pretty much the same problems Jan HREHO was having back in February - http://lists.freebsd.org/pipermail/freebsd-questions/2006-February/112066.html

I tried the suggested solution to that - moving the slapd startup script into /etc/rc.d, but that didn't help, same problem just further up in the boot process.

Another possibility I came across was putting the line 'bind_policy soft' in /etc/ldap.conf (symlinked to /usr/local/etc/ldap.conf & /usr/local/etc/nss_ldap.conf).
This seemed to do the job, until I then tried to ssh onto localhost using an ldap user account. It failed with

Apr 19 22:48:10 svr1 sshd[660]: nss_ldap: could not search LDAP server - Server is unavailable
Apr 19 22:48:10 svr1 sshd[660]: fatal: login_get_lastlog: Cannot find account for uid 2000

Removing the bind_policy from the file then retrying, it worked fine.

The second solution I tried was to change the slapd.sh file to just launch the daemon, i.e. '/usr/local/libexec/slapd'. This seems to work, but it is very inelegant, and it may have knock-on effects I am unaware of at this time. I'm more interested in getting the process right to set it up at this stage, rather than hacking away to get a working system (I'm working on a series of documents).

I'm doing this on a virgin 6.0 installation, cvsuped with the latest ports, fresh install of openldap22, pam_ldap and nss_ldap.

So the question is, is this a common problem? If not, then what am I doing wrong to create it? If so, then is there a more eloquent solution than hacking away at the startup script? The thread that suggests the bind_policy also mentions 'nss_reconnect_* parameters', which certainly sounds like it could be the answer, but I haven't been able to google anything about them.

Cheers,
Martin