On Fri, Jan 20, 2006 at 11:30:10AM +1030, Daniel O'Connor wrote:
> Hi,
> I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap
> (and samba). I use the RCORDER port option so it put the startup file
> in /etc/rc.d.
>
> In 5.4 this worked fine - it started up correctly and in the right place.
> However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I
> accidentally told it to delete the rc.d file (doh..) I then upgraded to a
> slightly later version of openldap (a newer version of openldap23-server).
>
> The problem now is that OpenLDAP appears to start very late, since lots of
> things need to do nss_ldap lookups it means bootup is very glacial as they
> timeout.
>
> In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the
> SERVERS requirement out of /etc/rc.d/slapd
>
> I wonder if there should be another dummy rc.d file which marks where
> services that supply passwd/group/etc information are available and then
> SERVERS can depend on that (because a lot of servers need to be able to
> change to another user ID after starting).
>
> Then again maybe my nsswitch.conf is broken as I have..
> group: ldap files
> hosts: files dns
> networks: files
> passwd: ldap files
> shells: files
>
> Maybe I should swap files and ldap around.. Hmm I'll try that and see :)
>
> Even if that does fix it, I think it would be good to be able to run OpenLDAP
> as early as practical.

Files should definitely come first, and services that start before DAEMON
and possibly before LOGIN should really have their necessary users and
groups in local files. Nothing that requires user accounts or performs
actions on behalf of users should start before LOGIN.

-- Brooks

-- 
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
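
Added example, not part of the thread: a POSIX sh check for the ordering discussed above, flagging nsswitch.conf databases (passwd and group by default) that consult a network source such as ldap before local files. The function names and the treatment of "compat" as a local source are assumptions of this example; the sample configuration is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: report nsswitch.conf databases where a non-local source
# is consulted before local files, which stalls lookups while that
# source is unreachable (for instance before slapd is up at boot).

# sample_conf: prints the nsswitch.conf quoted in the thread.
sample_conf() {
    cat <<'EOF'
group: ldap files
hosts: files dns
networks: files
passwd: ldap files
shells: files
EOF
}

# check_nsswitch FILE [DATABASE...]
# Prints one line per problem and returns 1 if any problem was found.
# Assumption: "files" and "compat" are the local sources.
check_nsswitch() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- passwd group
    awk -v dbs="$*" '
    BEGIN { n = split(dbs, w, " "); for (i = 1; i <= n; i++) check[w[i]] = 1 }
    {
        sub(/#.*/, "")                          # strip comments
        c = index($0, ":"); if (c == 0) next
        db = substr($0, 1, c - 1); gsub(/[ \t]/, "", db)
        if (!(db in check)) next
        m = split(substr($0, c + 1), src, " ")
        first = ""; found = 0
        for (j = 1; j <= m; j++) {
            if (src[j] ~ /^\[/) continue        # skip criteria like [notfound=return]
            if (src[j] == "files" || src[j] == "compat") { found = 1; break }
            if (first == "") first = src[j]
        }
        if (!found) { printf "%s: no local source listed\n", db; bad = 1 }
        else if (first != "") {
            printf "%s: %s is consulted before %s\n", db, first, src[j]; bad = 1
        }
    }
    END { exit bad + 0 }' "$conf"
}

# Demo on the thread's configuration, written to a temporary file.
tmp=$(mktemp) && sample_conf > "$tmp"
check_nsswitch "$tmp" || echo "reorder the flagged databases so files comes first"
rm -f "$tmp"
```

On a real system, call it as `check_nsswitch /etc/nsswitch.conf`, optionally followed by the databases to check.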
