From owner-freebsd-stable@FreeBSD.ORG  Mon Jul 10 13:27:44 2006
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
X-Original-To: freebsd-stable@freebsd.org
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id DB96D16A4DA
	for <freebsd-stable@freebsd.org>; Mon, 10 Jul 2006 13:27:44 +0000 (UTC)
	(envelope-from e-masson@kisoft-services.com)
Received: from kraid.nerim.net (smtp-101-monday.nerim.net [62.4.16.101])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5505C43D46
	for <freebsd-stable@freebsd.org>; Mon, 10 Jul 2006 13:27:43 +0000 (GMT)
	(envelope-from e-masson@kisoft-services.com)
Received: from srvbsdnanssv.interne.kisoft-services.com (kisoft.net1.nerim.net
	[62.212.107.51])
	by kraid.nerim.net (Postfix) with ESMTP id 693764106D;
	Mon, 10 Jul 2006 15:27:38 +0200 (CEST)
Received: from localhost (localhost [127.0.0.1])
	by srvbsdnanssv.interne.kisoft-services.com (Postfix) with ESMTP id
	F15B9C8D2; Mon, 10 Jul 2006 15:27:43 +0200 (CEST)
X-Virus-Scanned: amavisd-new at interne.kisoft-services.com
Received: from srvbsdnanssv.interne.kisoft-services.com ([127.0.0.1])
	by localhost (srvbsdnanssv.interne.kisoft-services.com [127.0.0.1])
	(amavisd-new, port 10024)
	with ESMTP id rvuRtpun8SFq; Mon, 10 Jul 2006 15:27:39 +0200 (CEST)
Received: by srvbsdnanssv.interne.kisoft-services.com (Postfix,
	from userid 1001)
	id 61F4DC8D0; Mon, 10 Jul 2006 15:27:39 +0200 (CEST)
To: Dominik Zalewski <dzalewski@open-craft.com>
From: Eric Masson <e-masson@kisoft-services.com>
In-Reply-To: <200607101600.56911.dzalewski@open-craft.com> (Dominik Zalewski's
	message of "Mon, 10 Jul 2006 16:00:56 +0300")
References: <200607101327.23403.dzalewski@open-craft.com>
	<200607102113.14004.doconnor@gsoft.com.au>
	<200607101600.56911.dzalewski@open-craft.com>
X-Operating-System: FreeBSD 5.5-RELEASE-p1 i386
Date: Mon, 10 Jul 2006 15:27:39 +0200
Message-ID: <86fyh9tws4.fsf@srvbsdnanssv.interne.kisoft-services.com>
User-Agent: Gnus/5.1007 (Gnus v5.10.7) XEmacs/21.5-b27 (berkeley-unix)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-15
Content-Transfer-Encoding: 8bit
Cc: freebsd-stable@freebsd.org,
	"UEMURA \(fka. MAENAKA\) Tetsuya" <maenaka@pluto.dti.ne.jp>
Subject: Re: slapd - slow starting
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>, 
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Jul 2006 13:27:44 -0000

Dominik Zalewski <dzalewski@open-craft.com> writes:

Hi,

> Problem is after I change things in /dev/nsswitch.conf. If I live it like 
> this:
>
> group: compat
> passwd: compat
>
> I start slapd using /etc/rc.d/slapd start , then I change /etc/nsswitch.conf 
> to:
>
> group: files ldap
> passwd: files ldap
>
> Everything is fine and users can login via ssh using their ldap password. I 
> can boot server with first configuration and run some script that will copy 
> second nsswitch.conf , but I dont like this solution and I dont understand 
> why its not working.

Chicken & Egg problem, the system queries the ldap backend to get
informations about the account it will use to start the ldap backend.

I've made a change to /etc/rc.d/slapd that copies a ldap disabled
nsswitch.conf to /etc in start_precmd() and then a ldap enabled
nsswitch.conf to /etc in start_postcmd().

I've tried to toy with backend options in nsswitch.conf but no luck atm.
Seems I'm not alone, see <20060707161801.GB42118@dimma.mow.oilspace.com>
regarding "nsswitch.conf problem with group status code"
group: files [success=return notfound=continue unavail=continue tryagain=continue] ldap
passwd: files [success=return notfound=continue unavail=continue tryagain=continue] ldap

Regards

Éric Masson

-- 
 l'anarchie, c'est pt'etre pas genial comme mode de gouvernement,
 mais c'est mieux que pas de gouvernement du tout.
 -+- Kevin in <http://www.le-gnu.net>  -+- Ni Root, ni Maître. -+-