Date:      Wed, 19 Mar 2008 12:48:24 +0100
From:      Daniel Bond <db@danielbond.org>
To:        Dmitriy Kirhlarov <dimma@higis.ru>
Cc:        ohartman@zedat.fu-berlin.de, freebsd-stable@freebsd.org, Valerio Daelli <valerio.daelli@gmail.com>
Subject:   Re: [Working fix] Problems combining nss_ldap/pam_ldap with pam_mkhomedir in FreeBSD 7.0
Message-ID:  <47E0FD88.4080207@danielbond.org>
In-Reply-To: <47DF8F10.8080200@higis.ru>
References:  <47DE9638.6080609@danielbond.org> <47DF8F10.8080200@higis.ru>

Hello!


Dmitriy Kirhlarov wrote:
| Hi!
|
| Daniel Bond wrote:
|
|> I'm pretty sure my ldap.conf and nsswitch.conf are OK, but here they are
|> anyway:
|>
|>
|> /usr/local/etc/nss_ldap.conf -> openldap/ldap.conf
|> /usr/local/etc/ldap.conf -> openldap/ldap.conf
|
| I'm not sure it is correct.
| etc/ldap.conf and etc/openldap/ldap.conf -- different files for
| different purposes.
| etc/nss_ldap.conf -> etc/ldap.conf -- it's correct.
|

The ldap.conf file is only used for nss_ldap and pam_ldap, so I don't
suppose it really matters where the config-file resides.


|> port 389
|> ldap_version 3
|> bind_policy soft
| ^^^^^^^^^^^^^^^^^^
|
| Try replacing it with
| bind_policy hard
|
| Developers don't like "soft". I don't know why, but periodically
| it's broken in new versions of nss_ldap (2 times in the last 3 years AFAIR).
| I'm not sure about current status. It must be tested.
|

You are absolutely correct, when I change *bind_policy* to *hard*, the
problem goes away, nss_ldap stops whining about contacting server in
/var/log/auth.log. SSH with pubkey-exchange or password authentication
also works with bind_policy hard.

Although it would be nice to have "bind_policy soft" working properly
(I'm still interested in fixing this if I can manage to track it down),
this is a solution I'm quite happy with, and seems to work well. Thanks!

| Also try
|
| echo "debug 9" >> /usr/local/etc/ldap.conf
|
| For details see
| slapd.conf(5) about loglevel
|
| WBR.
| Dmitriy


Cheers and happy easter,



Daniel Bond,

Network Solutions Norway.