One of the more "undocumented" things here is to make sure that in your /usr/local/etc/nss_ldap.conf to make sure that your bind_polcy is soft.
If not, you will have no end of problems if you ldap server goes down. Basically if you have in your nsswitch.conf: Passwd: files ldap Group: files ldap If your ldap server is down; nss_ldap keeps trying to reconnect and allot of apps just hang; (like top, ls -la etc) > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:owner-freebsd- > [EMAIL PROTECTED] On Behalf Of Joe Shevland > Sent: May 25, 2006 3:33 AM > To: freebsd-questions@freebsd.org > Subject: nss_ldap and OpenLDAP client version > > Hi, > > I'm about to setup my jails so they authenticate against the 'host' > server using OpenLDAP and nss_ldap, pam_ldap and so on. I've done this > before but wanted to repeat the process because last time it ended up > being so much fiddling that when I finished I just left it alone - this > time I'm documenting it :) I packaged up versions of the port for > OpenLDAP 2.3 (well, actually 2.4 but that looks to just use 2.3 in any > case) and then went to package up the nss_ldap port but its after > OpenLDAP 2.2 stuff... I guess my question is whether this is intentional > (i.e. security related), or just a port maintenance issue? I would've > thought between 2.2->2.3 there's been a few security advisories... I > only did a lazy lightning google and came across a few > (http://www.frsirt.com/english/advisories/2005/0947) is perhaps one. > > Anyway, just thought I'd check. As punishment, if this is a stupid > question or has been answered before, happy to write up a tutorial as I > go as penance. > > Cheers > Joe > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions- > [EMAIL PROTECTED]" _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"