From: Daniel Bond
Date: Wed, 19 Mar 2008 12:48:24 +0100
To: Dmitriy Kirhlarov
Cc: ohartman@zedat.fu-berlin.de, freebsd-stable@freebsd.org, Valerio Daelli
Subject: Re: [Working fix] Problems combining nss_ldap/pam_ldap with pam_mkhomedir in FreeBSD 7.0

Hello!

Dmitriy Kirhlarov wrote:
| Hi!
|
| Daniel Bond wrote:
|
|> I'm pretty sure my ldap.conf and nsswitch.conf are OK, but here they are
|> anyway:
|>
|>
|> /usr/local/etc/nss_ldap.conf -> openldap/ldap.conf
|> /usr/local/etc/ldap.conf -> openldap/ldap.conf
|
| I'm not sure it is correct.
| etc/ldap.conf and etc/openldap/ldap.conf -- different files for
| different purposes.
| etc/nss_ldap.conf -> etc/ldap.conf -- it's correct.
|

The ldap.conf file is only used for nss_ldap and pam_ldap, so I don't
suppose it really matters where the config-file resides.

|> port 389
|> ldap_version 3
|> bind_policy soft
| ^^^^^^^^^^^^^^^^^^
|
| Try replacing it with
| bind_policy hard
|
| Developers don't like "soft". I don't know why, but it is periodically
| broken in new versions of nss_ldap (2 times in the last 3 years AFAIR).
| I'm not sure about current status. It must be tested.
|

You are absolutely correct: when I change *bind_policy* to *hard*, the
problem goes away, and nss_ldap stops whining about contacting the server
in /var/log/auth.log. SSH with pubkey-exchange or password authentication
also works with bind_policy hard.

Although it would be nice to have "bind_policy soft" working properly
(I'm still interested in fixing this if I can manage to track it down),
this is a solution I'm quite happy with, and it seems to work well.

Thanks!

| Also try
|
| echo "debug 9" >> /usr/local/etc/ldap.conf
|
| For details see
| slapd.conf(5) about loglevel
|
| WBR.
| Dmitriy

Cheers and happy Easter,

Daniel Bond,
Network Solutions Norway.
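A check for the setting this thread settles on, added here as an example (it is not code from the thread or from nss_ldap): it reports the effective bind_policy in a configuration file and flags "soft". The function names, the case-insensitive keyword match and the last-line-wins rule for repeated keys are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit bind_policy in an nss_ldap/pam_ldap configuration file.
# Assumptions (not from the thread): keywords are matched case-insensitively,
# '#' starts a comment line, and when a key is repeated the last line wins.

# Print the effective bind_policy value, or "unset" if the key is absent.
bind_policy_of() {
    awk '
        /^[[:space:]]*#/ { next }    # skip comment lines
        tolower($1) == "bind_policy" && NF >= 2 { v = tolower($2) }
        END { print (v == "" ? "unset" : v) }
    ' "$1"
}

# Return 0 when the file does not select "soft", 1 when it does,
# 2 when the file cannot be read.
check_bind_policy() {
    [ -r "$1" ] || { echo "$1: cannot read" >&2; return 2; }
    policy=$(bind_policy_of "$1")
    case "$policy" in
        soft) echo "$1: bind_policy soft (the setting that failed in this thread)"
              return 1 ;;
        *)    echo "$1: bind_policy $policy"
              return 0 ;;
    esac
}

# Constructed sample input mirroring the fragment quoted in the thread,
# before and after the change to "hard".
demo() {
    tmp=$(mktemp -d) || return 2
    printf 'port 389\nldap_version 3\nbind_policy soft\n' > "$tmp/before.conf"
    printf 'port 389\nldap_version 3\n#bind_policy soft\nbind_policy hard\n' \
        > "$tmp/after.conf"
    check_bind_policy "$tmp/before.conf" || true
    check_bind_policy "$tmp/after.conf" || true
    rm -rf "$tmp"
}

# Usage: sh audit.sh /usr/local/etc/ldap.conf   (no argument runs the demo)
if [ $# -gt 0 ]; then check_bind_policy "$1"; else demo; fi
```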