Date: Mon, 6 Mar 2006 10:41:05 +0300 From: Dmitriy Kirhlarov <dimma@higis.ru> To: freebsd-stable@freebsd.org Subject: Re: nss_ldap problem Message-ID: <20060306074105.GB780@dimma.mow.oilspace.com> In-Reply-To: <845C4D29-2B82-47D5-B6AD-5BC118BDAF34@ee.ryerson.ca> References: <20060226081431.GA813@dimma.mow.oilspace.com> <6F9C5982-E3FB-4EC2-9890-D685F2ABCC34@nordahl.net> <845C4D29-2B82-47D5-B6AD-5BC118BDAF34@ee.ryerson.ca>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, Mar 04, 2006 at 02:29:44PM -0500, David Magda wrote:
>
> On Mar 4, 2006, at 04:04, Frode Nordahl wrote:
>
> >>/etc/nsswitch.conf
> >>group: ldap files
> >>hosts: files dns
> >>networks: files
> >>passwd: ldap files
> >>shells: files
> >>imap: ldap
> >
> >Why do you have "ldap" first? I would use "files ldap" in any case so local changes
> >can override the directory.
>
> And if there's an issue with the network, things will slow down to a crawl when the
> system is waiting for the LDAP server to respond (which it won't, so you're waiting
> for the time out to occur).
Using this params in /usr/local/etc/{nss_,}ldap.conf can help:
bind_timelimit 4
bind_policy soft
idle_timelimit 8
WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060306074105.GB780>