On Sun, 28 Sep 2008, Olaf Schulz wrote:

'id' will hang forever if not setting sizelimit 2048 in the ldap
server config.

Odd, something is likely amiss in your setup


For the reason behind this behaviour I found that libnss-ldap asked the
ldap server for the whole bunch of passwd and group entries instead of
doing a smart ldap search.

You don't show your /etc/libnss-ldap.conf - does it actually have
any filters enabled?

As our ldap userbase has more than 512 entries, I had to increase the
sizelimit parameter on the server as a workaround.

Via tcpdump I found that the client sent a
 LDAPMessage searchRequest(2) "ou=user,dc=in-berlin,dc=de" wholeSubtree
instead of doing a search.
I expected it doing a search like

You have to tell it what filters and base to use

ldapsearch ... 'uid=..' and
ldapsearch ... '(&(objectClass=posixGroup)(memberUid=...))' gidNumber,gidName 
for group memberships.

Please correct me if I'm wrong, but I cannot expect that getting the
whole table would be a reasonable approach for a larger user database.

I verified that the used ldap server is working.

from /etc/nsswitch.conf:
passwd:         files ldap
group:          files ldap
shadow:         files ldap

Your configuration likely has issues, but still, you're likely to be
happier if you move to libnss-ldapd; it is less resource intensive.


regards
Olaf

Good luck,
--
Rick


