Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 24 Jan 2006 12:56:21 -0800
From:      "David F. Severski" <davidski@deadheaven.com>
To:        freebsd-stable@freebsd.org
Subject:   Re: Using [Open]LDAP for authentication
Message-ID:  <20060124205621.GU69091@geoff.deadheaven.com>
In-Reply-To: <20060120200149.GB54284@dan.emsphone.com>
References:  <200601201130.18872.doconnor@gsoft.com.au> <7daacbbe0601192341p32673972j8f309dff1df543aa@mail.gmail.com> <20060120154215.GA54284@dan.emsphone.com> <7daacbbe0601201008m7c650f4esedcd81921d0fd81e@mail.gmail.com> <20060120200149.GB54284@dan.emsphone.com>
next in thread | previous in thread | raw e-mail | index | archive | help 

--WKQ7zUpzoH2KEHMN
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 20, 2006 at 02:01:49PM -0600, Dan Nelson wrote:
> Two, something is calling nanosleep.  It's probably nss_ldap, which
> looks like if it can't contact any of the configured ldap servers,
> waits 4 seconds, then retries, doubling the wait period every time
> until 64 seconds have elapsed, then it fails.  Try putting
>=20
> nss_reconnect_tries 0
> nss_reconnect_maxconntries 0
>=20
> in your /usr/local/etc/nss_ldap.conf file.

I've been struggling with similar issues where slapd seems to hang at
startup when using nss_ldap on the local system (all system accounts and
groups are local, yet the group enumeration seems to cause the hang).
Are these two settings documented anywhere for reference?  I'm trying to
understand how this interact with 'bind_policy soft', which I've also
seen recommended.  The nss_* settings don't seem documented in the stock
nss_ldap.conf.sample file.

Thanks for the help.

David

--WKQ7zUpzoH2KEHMN
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----

iEYEARECAAYFAkPWlHUACgkQlTJ+DI1JK1tRBQCeNoBBdS1c1K6nEo9unNd9XWmp
EoQAnR7ZeXrea+hjuA6QCYX55vObWnQT
=y0gQ
-----END PGP SIGNATURE-----

--WKQ7zUpzoH2KEHMN--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060124205621.GU69091>