
OpenLDAP auth server
Hello all,
   I'm trying to set up LDAP authentication on Solaris servers using
OpenLDAP 2.0.19 and the PADL_PAM and PADL_NSS drivers.  I have everything
working fine so far.  slapd is running in debug mode and I can see queries
made when I do an ls -l on a client box.  I added an entry into the ldap
database for a test user called "ldapguy", chowned a file to his uid and his
name appears as the owner of the file when I do an ls -l.  This confirms
that nss is using LDAP correctly.

   Here's my concern: I killed slapd on the authentication server and
restarted it.  Now the client machine is not communicating with the ldap
server any more.  Do the PADL_NSS and PADL_PAM modules use persistent
connections or do they open a socket for each request?  Are they robust
enough to handle a downed LDAP server and reestablish new sockets?  Is the
information cached on the client side?

   I know many people are using this setup in production Solaris
environments and I doubt they'd be willing to do so if they had to reboot
each client machine after a glitch in the LDAP server process.  Is there
something I'm missing?


Specific info about my testlab:
2 Netra T1 servers each running Solaris 8 (04/01)
openldap 2.0.19 on ldap server
ANDIrand-0.7-5.8 on both server and client to provide /dev/random and
/dev/urandom
nss_ldap and pam_ldap from PADL running on client machine


Thanks,
Terry Ewing
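Added example, not part of the original message and not the PADL nss_ldap/pam_ldap code: the failure mode the question describes is a client that holds one persistent socket to the directory server and keeps using it after the server process has been killed and restarted. The block below stands up a toy line-oriented server on a loopback port (the request/response protocol and the "ldapguy" passwd line are constructed stand-ins, not LDAP), runs a naive persistent-socket client and a reconnecting client against it, restarts the server on the same port, and shows that the naive client's next lookup fails while the reconnecting client drops the dead socket and opens a new one. Whether the PADL modules actually behave like the second client is exactly what the poster is asking and is not asserted here.

```python
import socket
import threading

HOST = "127.0.0.1"
# Constructed directory: the answer the toy server gives for a lookup
# (stands in for a posixAccount entry that nss_ldap would map to passwd).
DIRECTORY = {"ldapguy": "ldapguy:x:10001:10001:LDAP test user:/home/ldapguy:/bin/sh"}


class ToyServer:
    """Minimal stand-in for slapd: one request line in, one answer line out."""

    def __init__(self, port=0):
        self.port = port
        self.stop = threading.Event()
        self.clients = []

    def start(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)  # allow restart on same port
        self.sock.bind((HOST, self.port))
        self.port = self.sock.getsockname()[1]
        self.sock.listen(5)
        self.sock.settimeout(0.1)  # lets the accept loop notice kill()
        self.thread = threading.Thread(target=self._accept_loop, daemon=True)
        self.thread.start()

    def _accept_loop(self):
        while not self.stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            except OSError:
                break
            self.clients.append(conn)
            threading.Thread(target=self._serve, args=(conn,), daemon=True).start()

    @staticmethod
    def _serve(conn):
        try:
            with conn, conn.makefile("rwb") as f:
                for line in iter(f.readline, b""):
                    name = line.decode().strip()
                    f.write((DIRECTORY.get(name, "NOTFOUND") + "\n").encode())
                    f.flush()
        except OSError:
            pass  # peer vanished; nothing to do

    def kill(self):
        """Emulate 'kill slapd': drop every client connection and stop listening."""
        self.stop.set()
        for c in list(self.clients):
            try:
                c.shutdown(socket.SHUT_RDWR)
            except OSError:
                pass
            c.close()
        self.sock.close()
        self.thread.join()


class NaiveClient:
    """Opens one socket at construction and reuses it for every lookup."""

    def __init__(self, port):
        self.sock = socket.create_connection((HOST, port))
        self.f = self.sock.makefile("rwb")

    def lookup(self, name):
        self.f.write(name.encode() + b"\n")
        self.f.flush()
        line = self.f.readline()  # b"" or ConnectionResetError once the peer is gone
        if not line:
            raise ConnectionError("server closed the connection")
        return line.decode().strip()


class ReconnectingClient:
    """Same persistent socket, but a failed round trip discards it and retries."""

    def __init__(self, port, retries=3):
        self.port, self.retries = port, retries
        self.sock = self.f = None
        self.connects = 0  # sockets opened so far; lets a caller see reconnects

    def _connect(self):
        self.sock = socket.create_connection((HOST, self.port), timeout=2)
        self.f = self.sock.makefile("rwb")
        self.connects += 1

    def _drop(self):
        if self.sock is not None:
            self.sock.close()
        self.sock = self.f = None

    def lookup(self, name):
        last = None
        for _ in range(self.retries):
            try:
                if self.sock is None:
                    self._connect()
                self.f.write(name.encode() + b"\n")
                self.f.flush()
                line = self.f.readline()
                if not line:
                    raise ConnectionError("server closed the connection")
                return line.decode().strip()
            except OSError as exc:  # reset, broken pipe, refused, timeout
                last = exc
                self._drop()  # never reuse a socket that just failed
        raise ConnectionError(f"lookup failed after {self.retries} attempts: {last}")


def demo():
    """Run both clients across a server restart; return what each observed."""
    server = ToyServer()
    server.start()
    naive, robust = NaiveClient(server.port), ReconnectingClient(server.port)
    before = (naive.lookup("ldapguy"), robust.lookup("ldapguy"))
    server.kill()
    server = ToyServer(server.port)  # "restart slapd" on the same port
    server.start()
    try:
        naive_after = naive.lookup("ldapguy")
    except ConnectionError as exc:
        naive_after = f"FAILED: {exc}"
    robust_after = robust.lookup("ldapguy")
    server.kill()
    return {"before": before, "naive_after": naive_after,
            "robust_after": robust_after, "sockets_opened": robust.connects}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the reconnecting client is the except branch: any OSError on the round trip, including a clean EOF, throws the socket away before retrying, so a server restart costs one failed attempt rather than a wedged client. On a real Solaris client the equivalent check is to run getent passwd ldapguy before and after restarting slapd and watch whether the lookup recovers without restarting the client.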