From: "Daniel Marsh"
To: "Gerhard Schmidt"
Cc: freebsd-questions@freebsd.org
Date: Tue, 13 Mar 2007 07:58:05 +0900
Subject: Re: nss_ldap and openldap on the same server.
In-Reply-To: <20070312141915.GA1842@augusta.de>

On 3/12/07, Gerhard Schmidt wrote:
>
> Hi,
>
> I have a small problem. On my central server we run an openldap server that
> contains the userdata for some systems. And the server uses this ldap
> server for authentication and nss. The problem is that when the server is
> booting, slapd takes a very long time to start up. I think it's trying to
> get an answer from ldap for the user ldap. But user ldap is in /etc/passwd
> and in /etc/groups
>
> My nsswitch.conf looks like this.
>
> group: files ldap
> hosts: files dns
> networks: files
> passwd: files ldap
> shells: files
>
> The system comes up but takes very long to do so (I think it's some kind of
> timeout)
> Mar 12 14:58:23 phobos slapd[584]: nss_ldap: could not search LDAP server - Server is unavailable
>
> As I see it, nss asks all sources even if the first one already knows the
> answer. Is there a way to change this?
>

I've run into this very same problem... but the way I got around it was
putting OpenLDAP in a jail all by its lonesome and making sure that jail
would start before anything on the host system would start that may need
LDAP... (effectively meaning the LDAP server is a different "machine")