Date:      Fri, 20 Jan 2006 11:30:10 +1030
From:      "Daniel O'Connor" <doconnor@gsoft.com.au>
To:        freebsd-stable@freebsd.org
Cc:        vsevolod@freebsd.org
Subject:   Using [Open]LDAP for authentication
Message-ID:  <200601201130.18872.doconnor@gsoft.com.au>

Hi,
I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap
(and samba). I use the RCORDER port option so it put the startup file
in /etc/rc.d.

In 5.4 this worked fine - it started up correctly and in the right place.
However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I
accidentally told it to delete the rc.d file (doh..) I then upgraded to a
slightly later version of openldap (a newer version of openldap23-server).

The problem now is that OpenLDAP appears to start very late; since lots of
things need to do nss_ldap lookups, it means bootup is very glacial as they
time out.

In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the SERVERS
requirement out of /etc/rc.d/slapd

I wonder if there should be another dummy rc.d file which marks where services
that supply passwd/group/etc information are available and then SERVERS can
depend on that (because a lot of servers need to be able to change to another
user ID after starting).

Then again maybe my nsswitch.conf is broken as I have..
group: ldap files
hosts: files dns
networks: files
passwd: ldap files
shells: files

Maybe I should swap files and ldap around.. Hmm I'll try that and see :)

Even if that does fix it, I think it would be good to be able to run OpenLDAP
as early as practical.

--
Daniel O'Connor software and network engineer
for Genesis Software - http://www.gsoft.com.au
"The nice thing about standards is that there
are so many of them to choose from."
  -- Andrew Tanenbaum
GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C
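
The ordering problem and the dummy-file idea from the message above, modelled as an added example that is not part of the original e-mail: a small rcorder-style resolver run over constructed rc.d headers. The placeholder name USERDB and the daemon name exampled are hypothetical, and the header sets are simplified assumptions rather than real FreeBSD files.

```python
import re
from graphlib import TopologicalSorter

HEADER = re.compile(r"^#[ \t]*(PROVIDE|REQUIRE|BEFORE):[ \t]*(.*)$", re.M)

# Constructed rc.d header comments, not copied from a real system.
# "exampled" stands for any daemon that switches user ID at startup.
COMMON = {"NETWORKING": "# PROVIDE: NETWORKING\n",
          "exampled": "# PROVIDE: exampled\n# REQUIRE: SERVERS\n"}
STOCK = {**COMMON,
         "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: NETWORKING\n",
         "slapd": "# PROVIDE: slapd\n# REQUIRE: SERVERS\n"}
# Proposed layout: USERDB (hypothetical name) is the dummy marker file.
PROPOSED = {**COMMON,
            "slapd": "# PROVIDE: slapd\n# REQUIRE: NETWORKING\n# BEFORE: USERDB\n",
            "USERDB": "# PROVIDE: USERDB\n# REQUIRE: NETWORKING\n",
            "SERVERS": "# PROVIDE: SERVERS\n# REQUIRE: USERDB\n"}

def parse(scripts):
    """Map each provided name to the set of names that must start first."""
    deps, before = {}, []
    for text in scripts.values():
        fields = {"PROVIDE": [], "REQUIRE": [], "BEFORE": []}
        for key, value in HEADER.findall(text):
            fields[key] += value.split()
        for name in fields["PROVIDE"]:
            deps.setdefault(name, set()).update(fields["REQUIRE"])
            before += [(name, later) for later in fields["BEFORE"]]
    for name, later in before:  # "BEFORE: x" is a REQUIRE seen from x's side
        deps.setdefault(later, set()).add(name)
    return deps

def boot_order(scripts):
    return list(TopologicalSorter(parse(scripts)).static_order())

def must_precede(scripts, first, later):
    """True if the headers force `first` to start before `later`."""
    deps, todo, seen = parse(scripts), [later], set()
    while todo:
        for dep in deps.get(todo.pop(), ()):
            if dep == first:
                return True
            if dep not in seen:
                seen.add(dep)
                todo.append(dep)
    return False

if __name__ == "__main__":
    print(boot_order(PROPOSED))
```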
