[Date Prev][Date Next]
Re: Problem setting up OpenLDAP for user authentication
On Wed, 5 Mar 2008, Buchan Milne wrote:
> On Tuesday 04 March 2008 12:45:18 Guennadi Liakhovetski wrote:
> > for "passwd", "group", "shadow". Now I would expect that with sequences
> > ("pam_unix" before "pam_ldap" and "files" before "ldap") indeed locally
> > known users wouldn't be authenticated using ldap.
> If it were all just about users, then yes. However, users (either local or in
> LDAP) can be members of groups in LDAP (or, of course local). So, any
> function that lists the groups a user is a member of will invoke nss_ldap.
> > Unfortunately, this
> > doesn't seem to be the case. Now _all_ nss / pam requests go to the LDAP
> > server. Including calls from udevd, avahi-daemon, and others, which causes
> > them to fail in various ways.
> If you just want to prevent this from delaying bootup, the solution here may
> just be to add:
> bind_policy soft
> to nss_ldap's ldap.conf (/etc/libnss_ldap.conf on Debian I think).
So far my main problem is not delays in the bootup but failing services.
like avahi-daemon, NetworkManager, gpm, etc. Are they failing because SASL
is not configured? Can I configure LDAP access grobally to not use it?
I've set up TLS, so, SASL shouldn't be needed? Or how do I fix it?