Re: Using [Open]LDAP for authentication
On Fri, Jan 20, 2006 at 02:01:49PM -0600, Dan Nelson wrote: > Two, something is calling nanosleep. It's probably nss_ldap, which > looks like if it can't contact any of the configured ldap servers, > waits 4 seconds, then retries, doubling the wait period every time > until 64 seconds have elapsed, then it fails. Try putting > > nss_reconnect_tries 0 > nss_reconnect_maxconntries 0 > > in your /usr/local/etc/nss_ldap.conf file. I've been struggling with similar issues where slapd seems to hang at startup when using nss_ldap on the local system (all system accounts and groups are local, yet the group enumeration seems to cause the hang). Are these two settings documented anywhere for reference? I'm trying to understand how this interact with 'bind_policy soft', which I've also seen recommended. The nss_* settings don't seem documented in the stock nss_ldap.conf.sample file. Thanks for the help. David pgpdDb4MXswtA.pgp Description: PGP signature
Re: Using [Open]LDAP for authentication
On Tue, Jan 24, 2006 at 11:57:28PM +0100, Dominique Goncalves wrote: > > Can you try nss_ldap-1.389 thanks to portdowngrade if these hangs are > > still here ? > > Sorry, I mean nss_ldap-1.239 and nss_ldap-1.244. I'll give that a try. Before I downgrade and try the reboot, do you have particular recommendations for nss_ldap.conf? Were you able to use bind_policy hard with nss_ldap-1.239 and do you have either of the suggested nss_* settings specified? Thanks for the suggestion. David pgp2gD59ZzQJB.pgp Description: PGP signature
Running ipfilter 4.1.10 on 6-STABLE
Since making the jump from 4-STABLE to 6-STABLE I've been plagued with connections getting dropped and mangled by out of window (OOW) issues with ipfilter 4.1.8. While disabling SACKs has slightly helped, this is still a very persistent problem. It looks like many of these problems have been resolved under 4.1.10 which was imported into CURRENT back in early December. Is there a timeline for this code to come to 6-STABLE? Alternatively, is there an easy way to pull down just this code and run under 6-STABLE? Thanks for the help. David pgparNClexBrb.pgp Description: PGP signature
Re: Using [Open]LDAP for authentication
On Tue, Jan 24, 2006 at 11:57:28PM +0100, Dominique Goncalves wrote: > > After some tests, using nss_ldap-1.389 instead of nss_ldap-1.444 seems > > to solve hangs at startup and when slapd is down. > > > > Can you try nss_ldap-1.389 thanks to portdowngrade if these hangs are > > still here ? > > Sorry, I mean nss_ldap-1.239 and nss_ldap-1.244. Success! I just downgraded to nss_ldap-1.239 and was able to warm boot past slapd in approx. 35 seconds. Thanks for the tip on both nss_ldap and portdowngrade (a nifty port, that one). Googling around, I don't see any notes that PADL has acknowledged any bugs w/v1.244 and this startup issue. Do you know if this is a known issue or if anyone from PADL is working on this? David pgpM4V1AGBnyO.pgp Description: PGP signature
