Daniel O'Connor wrote:
On Tue, 22 Sep 2009, O. Hartmann wrote:
I run into trouble with FreeBSD and LDAP on a regular basis!

Sometimes it is necessary to log in to a bunch of servers with no
LDAP service responding, due to service, crash, electrical
disconnection, whatever. The problem is: I can't.
Using all prerequisites from ports (pam_ldap/nss_ldap/ldap, most
recent) my /etc/nsswitch.conf looks like this, as it has been the most
reasonable (and only working!) solution for the past 2 years:

passwd: ldap [unavail=continue notfound=continue] files [success=return notfound=return]

I just have
passwd: cache files ldap
group: cache files ldap

and I can login as root locally without any delay.

That said, my LDAP server is on the same machine, so perhaps it fails faster. I am using "uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/" to connect.


This sounds like the correct solution; AFAIK it's the same concept as for NIS: first check local files, then ldap. You don't want your root credentials possibly being leaked across the network. On the other hand, you don't want or need user accounts in the local files.

By default, check local files first, which is fast, then fall back on ldap if the user is not found.

BR, Erik
--
Erik Nørgaard
Ph: +34.666334818/+34.915211157                  http://www.locolomo.org
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
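As an added illustration, not code from this thread or from FreeBSD: a small Python script that parses nsswitch.conf source lists, including the bracketed [status=action] groups, and walks them the way the resolver does when LDAP cannot be reached. Both sample configurations are constructed from the two variants quoted above (the "ldap first" one and the "cache files ldap" one); the function names and the default action table (success=return, everything else continue, per nsswitch.conf(5)) are my own. The point it makes visible is which sources get touched before a local account such as root resolves: with files first, an unavailable LDAP is never consulted, so no timeout is paid.

```python
"""Parse nsswitch.conf source lists and simulate a root lookup with LDAP down.

Added example, not from the thread. Sample configs are constructed from
the two orderings quoted in the thread.
"""
import re

STATUSES = ("success", "notfound", "unavail", "tryagain")
# Default actions per nsswitch.conf(5): stop on success, keep going otherwise.
DEFAULT_ACTIONS = {"success": "return", "notfound": "continue",
                   "unavail": "continue", "tryagain": "continue"}

# Either a "[status=action ...]" group or a bare source name.
_TOKEN = re.compile(r"\[([^\]]*)\]|(\S+)")


def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]}.

    Each database is one line; a bracket group applies to the source
    immediately before it and overrides the defaults for that source.
    """
    databases = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, spec = (part.strip() for part in line.split(":", 1))
        sources = []
        for bracket, word in _TOKEN.findall(spec):
            if word:
                sources.append((word, dict(DEFAULT_ACTIONS)))
            elif sources:
                for pair in bracket.split():
                    status, action = pair.lower().split("=", 1)
                    if status in STATUSES and action in ("return", "continue"):
                        sources[-1][1][status] = action
        databases[db] = sources
    return databases


def simulate_lookup(sources, present_in, unavailable):
    """Walk the source list as the resolver would.

    present_in: sources that hold the entry (e.g. {"files"} for root)
    unavailable: sources that cannot be reached (e.g. {"ldap"})
    Returns (found, consulted); an unavailable source appearing in
    `consulted` means the resolver waited on it before moving on.
    """
    consulted = []
    for name, actions in sources:
        consulted.append(name)
        if name in unavailable:
            status = "unavail"
        elif name in present_in:
            status = "success"
        else:
            status = "notfound"
        if actions[status] == "return":
            return status == "success", consulted
    return False, consulted


# Constructed from the original poster's config: LDAP is asked first.
LDAP_FIRST = """
passwd: ldap [unavail=continue notfound=continue] files [success=return notfound=return]
group:  ldap [unavail=continue notfound=continue] files [success=return notfound=return]
"""

# Constructed from the reply: local files are asked first, LDAP only as fallback.
FILES_FIRST = """
passwd: cache files ldap
group:  cache files ldap
"""


def root_lookup_path(config_text, database="passwd"):
    """Sources touched while resolving a local-only account with LDAP down."""
    sources = parse_nsswitch(config_text)[database]
    return simulate_lookup(sources, present_in={"files"}, unavailable={"ldap"})


if __name__ == "__main__":
    for label, cfg in (("ldap first", LDAP_FIRST), ("files first", FILES_FIRST)):
        found, consulted = root_lookup_path(cfg)
        print(f"{label:11}: found={found} consulted={consulted}")
```

Both orderings do resolve root in the end, because the default (and the explicit) action on `unavail` is `continue`; the difference is that the ldap-first list pays the LDAP timeout on every local login, while the files-first list never touches LDAP for an account that exists in /etc/master.passwd. An account that exists only in LDAP still walks through to the ldap source in either layout.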