Date: Wed, 23 Sep 2009 11:04:36 +0930
From: "Daniel O'Connor" <doconnor@gsoft.com.au>
To: Erik Norgaard <norgaard@locolomo.org>
Cc: freebsd-current@freebsd.org, "O. Hartmann" <ohartman@zedat.fu-berlin.de>, freebsd-questions@freebsd.org
Subject: Re: LDAP server gone -> impossible to login locally!
Message-ID: <200909231104.39234.doconnor@gsoft.com.au>
In-Reply-To: <4AB93614.2080106@locolomo.org>
References: <4AB8BAA9.1060100@zedat.fu-berlin.de> <200909222248.16475.doconnor@gsoft.com.au> <4AB93614.2080106@locolomo.org>

On Wed, 23 Sep 2009, Erik Norgaard wrote:
> This sounds like the correct solution, AFAIK it's the same concept as
> for NIS, first check local files, then ldap. You don't want your root
> credentials possibly be leaked across the network. On the other hand
> you don't want or need user accounts in the local files.
>
> Default first check local files which is fast, then fall back on ldap
> if the user is not found.

Actually I wrote them the wrong way, how odd!

I actually have..
group: cache ldap files
passwd: cache ldap files

I think that if it fails ldap, it does so very quickly - it certainly
did this morning when I rebooted uncleanly.

I believe I did try it as "cache files ldap" but I had some issues, I
can't recall what they were though. I had quite a bit of difficulty
getting it to work acceptably so when it did I left it alone :)

On a related note, why is slapd so damn fragile? It's a righteous pain
in the bum the way you have to run
db_recover-X.Y /var/db/openldap-data
if slapd fails to start.

It wouldn't be so bad if it logged anything, but even with full logging
it gives a very cryptic message and if you have logging disabled (which
is recommended for performance!) it won't say _anything_.

-- 
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
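
The lookup orders discussed in this message can be checked mechanically. The following is an added example, not part of the original e-mail: it parses nsswitch.conf text and reports, per database, whether a lookup still reaches "files" when the directory sources answer "unavail". The function names and the sample text are constructed for illustration, and it assumes the standard nsswitch defaults (success=return, everything else continue); a server that hangs instead of failing is not modelled.

```python
import re

# Default nsswitch actions: stop on success, otherwise try the next source.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]}."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        chain = []
        # A token is either a source name or a [status=action ...] block
        # that modifies the source immediately before it.
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                if chain:
                    for crit in tok[1:-1].split():
                        status, _, action = crit.lower().partition("=")
                        chain[-1][1][status] = action
            else:
                chain.append((tok, dict(DEFAULTS)))
        dbs[db.strip()] = chain
    return dbs

def files_reachable(chain, down=("ldap", "nis")):
    """True if the lookup reaches 'files' while every source in `down`
    is unavailable and earlier sources (e.g. cache) report notfound."""
    for source, actions in chain:
        if source == "files":
            return True
        status = "unavail" if source in down else "notfound"
        if actions[status] == "return":
            return False
    return False  # no 'files' source in the chain at all

def audit(text):
    return {db: files_reachable(c) for db, c in parse_nsswitch(text).items()}

# Constructed sample: the second line adds a criterion that stops the
# lookup at ldap when the server is unavailable.
SAMPLE = """\
group: cache ldap files
passwd: cache ldap [unavail=return] files
"""

if __name__ == "__main__":
    for db, ok in audit(SAMPLE).items():
        print(f"{db}: local files reachable with LDAP down: {ok}")
```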
