Christopher Hunter wrote:
> There seems to be ldap-related bugs in nss_ldap & the nscd daemon in the
> release of redhat 4.6. See redhat bugzilla #404751, #434842, #221199, etc.
>
> The quick fix is to use the previous version of nss_ldap
> (nss_ldap-226-18). My guess is that the long default timeout values
> cause logins to fail. I disabled the nscd service and reduced the
> timelimit values in the ldap.conf settings.
Hi Christopher, my "nss_initgroups_ignoreusers" line in the
/etc/ldap.conf file didn't contain the "nscd" user. After I have added
it, I haven't seen a single issue (yet :) ).
A copy of configuration that is known to work for us is available at [1]
in case people are interested.
Thanks for your suggestions.
[1] http://wiki.farm.particle.cz/index.php?title=LDAP_na_klientech
Cheers,
-jkt