Re: LDAP Server causing panic?



From experience, there is no actual lockout, but the clients are actually 
waiting for an answer from the ldap server, which of course doesn't come.  
They usually have a timeout configured somewhere, and if this timeout is 
long, then your client machines could wait up to one hour for an answer from 
the ldap server.  Try setting the timeout in your ldap.conf and pam_ldap.conf 
files to something short, like 5 or 10 seconds.  eg: "timelimit 5"

Ian

On Wednesday 31 July 2002 23:48, Caylan Van Larson wrote:
> Hey guys/gals:
>
> Is there any reason why ldap clients (servers) would completely lock out
> when not able to contact the ldap server.  An easy test (for me) is to
> just unplug the fibre and the whole machine locks up.  It will not let me
> login from console/ssh/ftp, or anything.
>
> I think it might be a PAM problem.  IE: Order of the stack but I am not
> sure.  Does anyone have some really good pam.d files they would like to
> tar-up and let me have a shot at it?
>
> Heck, you might say... "Caylan, this is not LDAP related", but it only
> happens on our openldap clients when configured to look at ldap.    :(
>
> It hurts,
>
>
>
> Caylan Van Larson
> Unix Administrator - Systems Team Member
> University of North Dakota (Aerospace College)
> caylan@cs.und.edu
> 701-777-6151 (work)