From: Dominique Goncalves
Date: Fri, 20 Jan 2006 08:41:41 +0100
To: Daniel O'Connor
Cc: vsevolod@freebsd.org, freebsd-stable@freebsd.org
Subject: Re: Using [Open]LDAP for authentication
Message-ID: <7daacbbe0601192341p32673972j8f309dff1df543aa@mail.gmail.com>
In-Reply-To: <200601201130.18872.doconnor@gsoft.com.au>

Hi,

On 1/20/06, Daniel O'Connor wrote:
> Hi,
> I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap
> (and samba). I use the RCORDER port option so it put the startup file
> in /etc/rc.d.
>
> In 5.4 this worked fine - it started up correctly and in the right place.
> However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I
> accidentally told it to delete the rc.d file (doh..) I then upgraded to a
> slightly later version of openldap (a newer version of openldap23-server).
>
> The problem now is that OpenLDAP appears to start very late, since lots of
> things need to do nss_ldap lookups it means bootup is very glacial as they
> timeout.
>
> In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the SERVERS
> requirement out of /etc/rc.d/slapd
>
> I wonder if there should be another dummy rc.d file which marks where services
> that supply passwd/group/etc information are available and then SERVERS can
> depend on that (because a lot of servers need to be able to change to another
> user ID after starting).
>
> Then again maybe my nsswitch.conf is broken as I have..
> group: ldap files
> hosts: files dns
> networks: files
> passwd: ldap files
> shells: files
>
> Maybe I should swap files and ldap around.. Hmm I'll try that and see :)
>
> Even if that does fix it, I think it would be good to be able to run OpenLDAP
> as early as practical.

I've reported recently a problem with the same symptoms [1] but I use
this order in my nsswitch.conf "files ldap". All examples I found on
the Internet use this order. And if I understand correctly, this order
means, if a user is not found in files then it tries on ldap?

[1] http://lists.freebsd.org/pipermail/freebsd-questions/2006-January/110581.html

> --
> Daniel O'Connor software and network engineer
> for Genesis Software - http://www.gsoft.com.au
> "The nice thing about standards is that there
> are so many of them to choose from."
> -- Andrew Tanenbaum
> GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
>
>

regards.
--
There's this old saying: "Give a man a fish, feed him for a day. Teach a
man to fish, feed him for life."
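
An added example, not part of the original message: a small Python model of how the source order in nsswitch.conf plays out while slapd is not yet running, using the default criteria (success=return; notfound, unavail and tryagain=continue). LOCAL_USERS, the user names and the ldap_up flag are constructed assumptions; real lookups go through libc and the nss_ldap module.

```python
# Added example: models nsswitch.conf source ordering; not nss_ldap's own code.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}
LOCAL_USERS = {"root", "daemon", "www"}  # constructed stand-in for /etc/passwd


def parse_nsswitch(text):
    """Return {database: [(source, actions), ...]} from nsswitch.conf text."""
    config = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        database, rest = line.split(":", 1)
        # Give brackets their own tokens so "[notfound=return]" parses.
        tokens = rest.replace("[", " [ ").replace("]", " ] ").split()
        sources, i = [], 0
        while i < len(tokens):
            if tokens[i] == "[":
                end = tokens.index("]", i)
                for crit in tokens[i + 1:end]:
                    status, action = crit.lower().split("=")
                    sources[-1][1][status] = action  # applies to previous source
                i = end + 1
            else:
                sources.append((tokens[i], dict(DEFAULT_ACTIONS)))
                i += 1
        config[database.strip()] = sources
    return config


def lookup(config, database, name, ldap_up):
    """Walk the sources in order; return (final_status, ldap_timeouts)."""
    status, timeouts = "notfound", 0
    for source, actions in config[database]:
        if source == "files":
            status = "success" if name in LOCAL_USERS else "notfound"
        elif source == "ldap" and not ldap_up:
            status, timeouts = "unavail", timeouts + 1  # caller waits for timeout
        else:
            status = "notfound"  # model: any other source holds no entries
        if actions[status] == "return":
            break
    return status, timeouts


if __name__ == "__main__":
    for order in ("ldap files", "files ldap"):
        cfg = parse_nsswitch("passwd: " + order)
        print(order, lookup(cfg, "passwd", "root", ldap_up=False))
```

In this model a local account costs one LDAP timeout per lookup under "ldap files" and none under "files ldap", while a name absent from files still reaches LDAP in either order.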