From: "Daniel O'Connor"
To: freebsd-stable@freebsd.org
Cc: vsevolod@freebsd.org
Date: Fri, 20 Jan 2006 11:30:10 +1030
Subject: Using [Open]LDAP for authentication

Hi,
I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap
(and samba). I use the RCORDER port option so it put the startup file
in /etc/rc.d.

In 5.4 this worked fine - it started up correctly and in the right place.
However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I
accidentally told it to delete the rc.d file (doh..) I then upgraded to a
slightly later version of openldap (a newer version of openldap23-server).

The problem now is that OpenLDAP appears to start very late, since lots of
things need to do nss_ldap lookups it means bootup is very glacial as they
timeout.

In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the SERVERS
requirement out of /etc/rc.d/slapd.

I wonder if there should be another dummy rc.d file which marks where services
that supply passwd/group/etc information are available and then SERVERS can
depend on that (because a lot of servers need to be able to change to another
user ID after starting).

Then again maybe my nsswitch.conf is broken as I have..

    group: ldap files
    hosts: files dns
    networks: files
    passwd: ldap files
    shells: files

Maybe I should swap files and ldap around.. Hmm I'll try that and see :)

Even if that does fix it, I think it would be good to be able to run OpenLDAP
as early as practical.

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
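
Added example, not part of the original message and not FreeBSD's own code: a small Python model of rcorder(8)-style PROVIDE/REQUIRE/BEFORE headers that checks whether slapd is guaranteed to start before a daemon that needs user lookups, for the layout the message reports, the SERVERS workaround, and the proposed dummy placeholder. The headers are constructed and simplified, and the names `exampled` and `NSSDB` are hypothetical.

```python
from graphlib import TopologicalSorter

def parse(header):
    """Collect the names on PROVIDE/REQUIRE/BEFORE comment lines."""
    tags = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
    for line in header.splitlines():
        key, _, names = line.lstrip("# ").partition(":")
        if key in tags:
            tags[key] += names.split()
    return tags

def prerequisites(scripts):
    """Map each script to the scripts that must start before it."""
    parsed = {name: parse(h) for name, h in scripts.items()}
    provider = {p: name for name, t in parsed.items() for p in t["PROVIDE"]}
    deps = {name: set() for name in scripts}
    for name, t in parsed.items():
        deps[name] |= {provider[r] for r in t["REQUIRE"] if r in provider}
        for b in t["BEFORE"]:
            if b in provider:
                deps[provider[b]].add(name)  # BEFORE is a reversed REQUIRE
    return deps

def boot_order(scripts):
    return list(TopologicalSorter(prerequisites(scripts)).static_order())

def guaranteed_before(scripts, first, later):
    """True only if the headers force `first` to start before `later`."""
    deps, todo, seen = prerequisites(scripts), [later], set()
    while todo:
        for d in deps[todo.pop()] - seen:
            seen.add(d)
            todo.append(d)
    return first in seen

# Constructed, simplified headers (not copies of FreeBSD's rc.d files).
# "exampled" stands for any daemon that looks up a user ID to switch to.
BASE = {"NETWORKING": "# PROVIDE: NETWORKING",
        "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: NETWORKING",
        "exampled": "# PROVIDE: exampled\n# REQUIRE: SERVERS"}
# Layout the message reports: slapd itself requires SERVERS.
REPORTED = {**BASE, "slapd": "# PROVIDE: slapd\n# REQUIRE: SERVERS"}
# The message's workaround: SERVERS requires slapd instead.
WORKAROUND = {**BASE, "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: NETWORKING slapd",
              "slapd": "# PROVIDE: slapd\n# REQUIRE: NETWORKING"}
# The proposed dummy file, under the hypothetical name NSSDB.
PLACEHOLDER = {**BASE, "NSSDB": "# PROVIDE: NSSDB\n# REQUIRE: NETWORKING",
               "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: NSSDB",
               "slapd": "# PROVIDE: slapd\n# REQUIRE: NETWORKING\n# BEFORE: NSSDB"}
```

`guaranteed_before(REPORTED, "slapd", "exampled")` is False because both scripts only sit somewhere after SERVERS, while the same call on `WORKAROUND` or `PLACEHOLDER` is True.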