OpenLDAP auth server
I'm trying to set up LDAP authentication on Solaris servers using
OpenLDAP 2.0.19 and the PADL_PAM and PADL_NSS drivers. I have everything
working fine so far. slapd is running in debug mode and I can see queries
made when I do an ls -l on a client box. I added an entry into the ldap
database for a test user called "ldapguy", chowned a file to his uid and his
name appears as the owner of the file when I do an ls -l. This confirms
that nss is using LDAP correctly.
Here's my concern: I killed slapd on the authentication server and
restarted it. Now the client machine is not communicating with the ldap
server any more. Do the PADL_NSS and PADL_PAM modules use persistent
connections or do they open a socket for each request? Are they robust
enough to handle a downed LDAP server and reestablish new sockets? Is the
information cached on the client side?
I know many people are using this setup in production Solaris
environments and I doubt they'd be willing to do so if they had to reboot
each client machine after a glitch in the LDAP server process. Is there
something I'm missing?
Specific info about my testlab:
2 Netra T1 servers each running Solaris 8 (04/01)
openldap 2.0.19 on ldap server
ANDIrand-0.7-5.8 on both server and client to provide /dev/random and
nss_ldap and pam_ldap from PADL running on client machine
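A client-side check that fits the test described above (chown a file to ldapguy, confirm the name resolves, then kill and restart slapd): poll the NSS passwd lookup and record how many attempts it takes to come back. This is added example code written for this post, not from the author, PADL or OpenLDAP; the uid 10001 and the passwd lines it is tested against are constructed, and it assumes the client has `getent` (present on Solaris 8) and a POSIX sh such as /usr/xpg4/bin/sh.

```shell
#!/bin/sh
# Added example: verify that an LDAP-backed passwd lookup returns the expected
# uid, and time how long NSS lookups take to recover after slapd is restarted.
# "ldapguy" is the test user from the post; uid 10001 is an assumed value.

# Return 0 if one passwd(5)-style line names USER with uid UID, else 1.
# Pure function over a single line of `getent passwd` output (format:
# name:passwd:uid:gid:gecos:dir:shell), so it can be exercised offline.
passwd_line_matches() {
    line="$1"; user="$2"; uid="$3"
    got_user=$(printf '%s\n' "$line" | cut -d: -f1)
    got_uid=$(printf '%s\n' "$line" | cut -d: -f3)
    [ "$got_user" = "$user" ] && [ "$got_uid" = "$uid" ]
}

# Classify one lookup result as ok, missing (empty output, i.e. the name
# service answered "no such user" or timed out), malformed (not 7 fields),
# or mismatch (right user, wrong uid - a sign you are resolving from the
# wrong source, e.g. a stale local file instead of LDAP).
classify_lookup() {
    line="$1"; user="$2"; uid="$3"
    if [ -z "$line" ]; then echo missing; return 0; fi
    fields=$(printf '%s\n' "$line" | awk -F: '{print NF}')
    if [ "$fields" -ne 7 ]; then echo malformed; return 0; fi
    if passwd_line_matches "$line" "$user" "$uid"; then
        echo ok
    else
        echo mismatch
    fi
}

# Poll `getent passwd USER` until it resolves to UID or ATTEMPTS run out.
# Prints the attempt number on which the lookup succeeded (0 = never
# recovered) so the recovery delay after a slapd restart can be measured.
# Uses expr rather than $(( )) so it also runs under Solaris /bin/sh.
wait_for_lookup() {
    user="$1"; uid="$2"; attempts="${3:-10}"; delay="${4:-3}"
    i=1
    while [ "$i" -le "$attempts" ]; do
        line=$(getent passwd "$user" 2>/dev/null)
        if [ "$(classify_lookup "$line" "$user" "$uid")" = ok ]; then
            echo "$i"
            return 0
        fi
        sleep "$delay"
        i=$(expr "$i" + 1)
    done
    echo 0
    return 1
}
```

Typical use on the client: run `wait_for_lookup ldapguy 10001 20 3` in one window, kill and restart slapd on the server, and note the attempt number printed; `0` after 60 seconds means the client never re-established a connection on its own. Before drawing conclusions from that, compare it with a direct `ldapsearch` against the server from the same client, so a resolver-side hang can be told apart from the server not accepting connections yet.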