Hi, I've been trying to get my ldap authentication working, something I have done before with little issue, but this time around it is causing real pain.
Pretty much the same problems Jan HREHO was having back in Febuary - http://lists.freebsd.org/pipermail/freebsd-questions/2006-February/112066.html I tried the suggested solution to that - moving the slapd startup script into /etc/rc.d, but that didn't help, same problem just further up in the boot process. Another possibility I came across was putting the line 'bind_policy soft' in /etc/ldap.conf (symlinked to /usr/local/etc/ldap.conf & /usr/local/etc/nss_ldap.conf). This seemed to do the job, until I then tried to ssh onto localhost using an ldap user account. It failed with Apr 19 22:48:10 svr1 sshd: nss_ldap: could not search LDAP server - Server is unavailable Apr 19 22:48:10 svr1 sshd: fatal: login_get_lastlog: Cannot find account for uid 2000 Removing the bind_policy from the file then retrying, it worked fine. The second solution I tried was to change the slapd.sh file to just launch the deamon i.e. '/usr/local/libexec/slapd'. This seems to work, but it is very unelegent, and it may have knock on effects I am unaware of at this time. I'm more interested in getting the process right to set it up at this stage, rather than hacking away to get a working system (I'm working on a series of documents). I'm doing this on a virgin 6.0 installation, cvsuped with the latest ports, fresh install of openldap22, pam_ldap and nss_ldap. So the question is, is this a common problem, if not then what I am doing wrong to create it, if so then is there a more elequent solutions than hacking away at the startup script? The thread that suggests the bind_policy also mentions 'nss_reconnect_* parameters', which certainly sounds like it could be the answer, but I havn't been able to google anything about them. Cheers, Martin _______________________________________________ email@example.com mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"