Derek Simkowiak wrote:
> In my opinion this is an important bug. One of the major reasons for
> using LDAP+nss is for high availability in corporate networks... and
> this bug breaks that completely.
You are starting with a wrong assumption: using nss_ldap will not
provide you with any type of hi
Here is another relevant thread (from April 2009):
http://old.nabble.com/nss-ldap-timeouts--when-used-with-nscd-and-gnutls-
td23145909.html
--
Local login fails without LDAP server
https://bugs.launchpad.net/bugs/253937
You received this bug notification because you are a member of Ubuntu
Server
Same thing here on Ubuntu 9.10.
Here is a (possibly) relevant nss_ldap thread:
http://old.nabble.com/No-timeout-for-nss_ldap--td14576190.html
Unfortunately, that thread ends with "I am looking at fixing this now and
providing some time outs on the soft
path as well. Will keep you informed." Th
** Changed in: libnss-ldap (Ubuntu)
Status: Incomplete => Confirmed
--
Local login fails without LDAP server
https://bugs.launchpad.net/bugs/253937
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.
--
Ubuntu-s
On 2008-08-06, Steve had this tidbit of wisdom:
> If you are only using libnss-ldap without nscd, there is nowhere in the
> model for this reachability information to be stored. If you use nscd,
> results will be cached in the event the server is down.
Well, yes and no. Enumeration of NSS databas
** Changed in: libnss-ldap (Ubuntu)
Status: New => Incomplete
** Changed in: libnss-ldap (Ubuntu)
Importance: Undecided => Low
--
Local login fails without LDAP server
https://bugs.launchpad.net/bugs/253937
You received this bug notification because you are a member of Ubuntu
Server Te
On Wed, Aug 06, 2008 at 02:34:20PM -, Steve wrote:
> Wouldn't it be a lot more intelligent in libnss-ldap to do a *one-time*
> check if the LDAP server is reachable, and if not there's just no
> output. Just something simple like a ping. Only local files will be
> used.
If you are only using l
Hi,
the thing is, that I've already tried setting those timeouts. And there
was no result at all. The "lookup" time didn't change.
Wouldn't it be a lot more intelligent in libnss-ldap to do a *one-time*
check if the LDAP server is reachable, and if not there's just no
output. Just something simpl
Nothing looks amiss in the PAM or NSS configs. From the description,
this is not a PAM problem at all, but an nss_ldap one: it's not the
authentication which fails, but the resolution of users and groups
afterwards.
I believe the relevant section of /etc/ldap/ldap.conf is this:
# Search timelimi