From owner-freebsd-stable@FreeBSD.ORG Tue Jan 24 22:57:38 2006 Return-Path: X-Original-To: freebsd-stable@freebsd.org Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0F26B16A41F for ; Tue, 24 Jan 2006 22:57:38 +0000 (GMT) (envelope-from dominique.goncalves@gmail.com) Received: from uproxy.gmail.com (uproxy.gmail.com [66.249.92.198]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2C2D943D48 for ; Tue, 24 Jan 2006 22:57:36 +0000 (GMT) (envelope-from dominique.goncalves@gmail.com) Received: by uproxy.gmail.com with SMTP id o2so10081uge for ; Tue, 24 Jan 2006 14:57:36 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:cc:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=lHB4NdsVH7ULwiwCpXIPH4RP2un/SOwxSSLHINGcS1Z1iolhchZDCZh4nn+UcORMbUZ+63xhx/0OLzf9Q9BMl4hn8sEWMjklQNXNV21x4Yn8irgZ/1Jx8Wv7aJvfMzI2Ez+AqlDueANeYt2zthvfj1foc7QCnLV9hJbSrwgJB54= Received: by 10.48.42.5 with SMTP id p5mr1355nfp; Tue, 24 Jan 2006 14:57:28 -0800 (PST) Received: by 10.49.1.17 with HTTP; Tue, 24 Jan 2006 14:57:28 -0800 (PST) Message-ID: <7daacbbe0601241457t2850a374xd7926556a86a91e1@mail.gmail.com> Date: Tue, 24 Jan 2006 23:57:28 +0100 From: Dominique Goncalves To: "David F. Severski" In-Reply-To: <7daacbbe0601241448o67680fedu5521d0aa5f3b42a0@mail.gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline References: <200601201130.18872.doconnor@gsoft.com.au> <7daacbbe0601192341p32673972j8f309dff1df543aa@mail.gmail.com> <20060120154215.GA54284@dan.emsphone.com> <7daacbbe0601201008m7c650f4esedcd81921d0fd81e@mail.gmail.com> <20060120200149.GB54284@dan.emsphone.com> <20060124205621.GU69091@geoff.deadheaven.com> <7daacbbe0601241448o67680fedu5521d0aa5f3b42a0@mail.gmail.com> Cc: freebsd-stable@freebsd.org Subject: Re: Using [Open]LDAP for authentication X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 24 Jan 2006 22:57:38 -0000 On 1/24/06, Dominique Goncalves wrote: > On 1/24/06, David F. Severski wrote: > > On Fri, Jan 20, 2006 at 02:01:49PM -0600, Dan Nelson wrote: > > > Two, something is calling nanosleep. It's probably nss_ldap, which > > > looks like if it can't contact any of the configured ldap servers, > > > waits 4 seconds, then retries, doubling the wait period every time > > > until 64 seconds have elapsed, then it fails. Try putting > > > > > > nss_reconnect_tries 0 > > > nss_reconnect_maxconntries 0 > > > > > > in your /usr/local/etc/nss_ldap.conf file. > > > > I've been struggling with similar issues where slapd seems to hang at > > startup when using nss_ldap on the local system (all system accounts an= d > > groups are local, yet the group enumeration seems to cause the hang). > > Are these two settings documented anywhere for reference? I'm trying t= o > > understand how this interact with 'bind_policy soft', which I've also > > seen recommended. The nss_* settings don't seem documented in the stoc= k > > nss_ldap.conf.sample file. > > After some tests, using nss_ldap-1.389 instead of nss_ldap-1.444 seems > to solve hangs at startup and when slapd is down. > > Can you try nss_ldap-1.389 thanks to portdowngrade if these hangs are > still here ? Sorry, I mean nss_ldap-1.239 and nss_ldap-1.244. > > > Thanks for the help. > > > > David > > > > > > > > Regards. > > -- > There's this old saying: "Give a man a fish, feed him for a day. Teach > a man to fish, feed him for life." > -- There's this old saying: "Give a man a fish, feed him for a day. Teach a man to fish, feed him for life."