Hi, On 1/20/06, Daniel O'Connor <[EMAIL PROTECTED]> wrote: > Hi, > I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap > (and samba). I use the RCORDER port option so it put the startup file > in /etc/rc.d. > > In 5.4 this worked fine - it started up correctly and in the right place. > However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I > accidentally told it to delete the rc.d file (doh..) I then upgraded to a > slightly later version of openldap (a newer version of openldap23-server). > > The problem now is that OpenLDAP appears to start very late, since lots of > things need to do nss_ldap lookups it means bootup is very glacial as they > timeout. > > In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the SERVERS > requirement out of /etc/rc.d/slapd > > I wonder if there should be another dummy rc.d file which marks where services > that supply passwd/group/etc information are available and then SERVERS can > depend on that (because a lot of servers need to be able to change to another > user ID after starting). > > Then again maybe my nsswitch.conf is broken as I have.. > group: ldap files > hosts: files dns > networks: files > passwd: ldap files > shells: files > > Maybe I should swap files and ldap around.. Hmm I'll try that and see :) > > Even if that does fix it, I think it would be good to be able to run OpenLDAP > as early as practical.
I've reported recently a problem with the same symptoms [1] but I use this order in my nsswitch.conf "files ldap". All exemples I found on internet use this order. And if I understand correctly, this order means, if a user is not found in files then it tries on ldap? [1] http://lists.freebsd.org/pipermail/freebsd-questions/2006-January/110581.html > -- > Daniel O'Connor software and network engineer > for Genesis Software - http://www.gsoft.com.au > "The nice thing about standards is that there > are so many of them to choose from." > -- Andrew Tanenbaum > GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C > > > regards. -- There's this old saying: "Give a man a fish, feed him for a day. Teach a man to fish, feed him for life." _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
