Date: Fri, 20 Jan 2006 11:30:10 +1030 From: "Daniel O'Connor" <doconnor@gsoft.com.au> To: freebsd-stable@freebsd.org Cc: vsevolod@freebsd.org Subject: Using [Open]LDAP for authentication Message-ID: <200601201130.18872.doconnor@gsoft.com.au>
next in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Hi, I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap (and samba). I use the RCORDER port option so it put the startup file in /etc/rc.d. In 5.4 this worked fine - it started up correctly and in the right place. However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I accidentally told it to delete the rc.d file (doh..) I then upgraded to a slightly later version of openldap (a newer version of openldap23-server). The problem now is that OpenLDAP appears to start very late, since lots of things need to do nss_ldap lookups it means bootup is very glacial as they timeout. In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the SERVERS requirement out of /etc/rc.d/slapd I wonder if there should be another dummy rc.d file which marks where services that supply passwd/group/etc information are available and then SERVERS can depend on that (because a lot of servers need to be able to change to another user ID after starting). Then again maybe my nsswitch.conf is broken as I have.. group: ldap files hosts: files dns networks: files passwd: ldap files shells: files Maybe I should swap files and ldap around.. Hmm I'll try that and see :) Even if that does fix it, I think it would be good to be able to run OpenLDAP as early as practical. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (FreeBSD) iD8DBQBD0DYi5ZPcIHs/zowRApqTAJ0WhErsBdKY/7JlldtjyeoDtT+5QgCeOMM3 j1bKomIJp/86Bx0njJNEslw= =xjvG -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601201130.18872.doconnor>