From: "Ansar Mohammed"
To: "'Joe Shevland'", "'FreeBSD Questions Mailing List'"
Date: Fri, 9 Jun 2006 21:14:10 -0400
Subject: RE: nss_ldap and OpenLDAP client version

One of the more "undocumented" things here is to make sure that in your /usr/local/etc/nss_ldap.conf your bind_policy is soft. If not, you will have no end of problems if your ldap server goes down.

Basically if you have in your nsswitch.conf:

passwd: files ldap
group: files ldap

If your ldap server is down, nss_ldap keeps trying to reconnect and a lot of apps just hang (like top, ls -la etc).

> -----Original Message-----
> From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Joe Shevland
> Sent: May 25, 2006 3:33 AM
> To: freebsd-questions@freebsd.org
> Subject: nss_ldap and OpenLDAP client version
>
> Hi,
>
> I'm about to set up my jails so they authenticate against the 'host'
> server using OpenLDAP and nss_ldap, pam_ldap and so on. I've done this
> before but wanted to repeat the process because last time it ended up
> being so much fiddling that when I finished I just left it alone - this
> time I'm documenting it :) I packaged up versions of the port for
> OpenLDAP 2.3 (well, actually 2.4 but that looks to just use 2.3 in any
> case) and then went to package up the nss_ldap port but it's after
> OpenLDAP 2.2 stuff... I guess my question is whether this is intentional
> (i.e. security related), or just a port maintenance issue? I would've
> thought between 2.2->2.3 there's been a few security advisories... I
> only did a lazy lightning google and came across a few
> (http://www.frsirt.com/english/advisories/2005/0947) is perhaps one.
>
> Anyway, just thought I'd check. As punishment, if this is a stupid
> question or has been answered before, happy to write up a tutorial as I
> go as penance.
>
> Cheers
> Joe
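
The check described in the reply at the top of this message, written out as a script. This is an added example, not part of the original thread: the function names are hypothetical, the file paths are passed as arguments, and the sample files are constructed.

```sh
#!/bin/sh
# Added example, not from the original thread. File paths are arguments so
# the check can be run against copies; the sample files below are constructed.

# uses_ldap FILE DB: succeeds if nsswitch database DB lists "ldap" as a source.
uses_ldap() {
    awk -v db="$2:" '
        { sub(/#.*/, ""); sub(/:/, ": ") }   # drop comments, split "db:src"
        $1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") hit = 1 }
        END { exit (hit ? 0 : 1) }' "$1"
}

# bind_policy_of FILE: prints "soft" only if every bind_policy line says soft,
# "unset" if there is none, otherwise the first non-soft value found.
bind_policy_of() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk '
        { sub(/#.*/, "") }
        tolower($1) == "bind_policy" && NF >= 2 {
            seen = 1
            if (tolower($2) != "soft" && bad == "") bad = tolower($2)
        }
        END { print (bad != "" ? bad : (seen ? "soft" : "unset")) }' "$1"
}

# check_nss_ldap NSSWITCH NSS_LDAP_CONF: returns 1 when passwd or group
# lookups go to ldap but bind_policy is not soft (the hang described above).
check_nss_ldap() {
    dbs=""
    for db in passwd group; do
        if uses_ldap "$1" "$db"; then dbs="$dbs $db"; fi
    done
    [ -n "$dbs" ] || { echo "ok: no ldap source for passwd/group"; return 0; }
    policy=$(bind_policy_of "$2")
    [ "$policy" = soft ] && { echo "ok:$dbs use ldap, bind_policy soft"; return 0; }
    echo "at risk:$dbs use ldap, bind_policy is $policy (want: soft)"
    return 1
}

# Constructed sample input: the nsswitch.conf lines from the message, with a
# nss_ldap.conf that sets a non-soft policy.
demo=$(mktemp -d)
printf 'passwd: files ldap\ngroup: files ldap\n' > "$demo/nsswitch.conf"
printf '# constructed\nbind_policy hard\n' > "$demo/nss_ldap.conf"
check_nss_ldap "$demo/nsswitch.conf" "$demo/nss_ldap.conf" || true
rm -rf "$demo"
```

On a live host the call would be `check_nss_ldap /etc/nsswitch.conf /usr/local/etc/nss_ldap.conf`. A missing or commented-out bind_policy line is reported as "unset" and treated as at risk.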