SCIENTIFIC-LINUX-USERS Archives

May 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: troubles with nscd and nss_ldap
From:
Jan Kundrát <[log in to unmask]>
Reply To:
Jan Kundrát <[log in to unmask]>
Date:
Thu, 22 May 2008 20:39:05 +0200
Content-Type:
multipart/signed
Parts/Attachments:
text/plain (794 bytes) , smime.p7s (3516 bytes) 
Christopher Hunter wrote:
> There seems to be ldap-related bugs in nss_ldap & the nscd daemon in the
> release of redhat 4.6. See redhat bugzilla #404751, #434842, #221199, etc.
> 
> The quick fix is to use the previous version of nss_ldap
> (nss_ldap-226-18). My guess is that the long default timeout values
> cause logins to fail. I disabled the nscd service and reduced the
> timelimit values in the ldap.conf settings.

Hi Christopher, my "nss_initgroups_ignoreusers" line in the
/etc/ldap.conf file didn't contain the "nscd" user. After I have added
it, I haven't seen a single issue (yet :) ).

A copy of configuration that is known to work for us is available at [1]
in case people are interested.

Thanks for your suggestions.

[1] http://wiki.farm.particle.cz/index.php?title=LDAP_na_klientech

Cheers,
-jkt

ATOM RSS1 RSS2