On Monday 22 October 2007 13:12:29 Bertram Scharpf wrote: > Hi, > > when setting up LDAP Pam authentication I encountered a > problem that seems to be neither Slapd- nor > nss_ldap-specific. > > When running the init script there comes up an error that > clutters up my syslog with a lot of useless error messages: > > @(#) $OpenLDAP: slapd 2.3.38 (Oct 18 2007 22:12:26) $ > [EMAIL > PROTECTED]:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/ >servers/slapd nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: > Can't contact LDAP server nss_ldap: failed to bind to LDAP server > ldap://127.0.0.1/: Can't contact LDAP server nss_ldap: failed to bind to > LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server > ... > nss_ldap: could not search LDAP server - Server is unavailable > WARNING: No dynamic config support for database ldbm. > slapd starting > > I found out that the Gentoo init script activates the > options "-u ldap -g ldap". Without them, the error messages > do not appear. Therefore I suppose the slapd daemon tries to > obtain passwd/shadow information for ldap via nss_ldap. At > least when I say "compat" in nsswitch.conf, the error > message doesn't appear as well.
instead of -u ldap -g ldap, try putting in the UID and GID. This should stop the calls to the server. > The files should be searched first. The "ldap" information > is present in all three of them. I even tried to chown the > shadow file to ldap but this didn't save me from the weird > messages either. Don't play with the perms on /etc/shadow, you're just openning up security holes. -- Benjamin Smee (strerror) net-mail/netmon/forensics/crypto/ldap Fingerprint: 497F 5E98 1FA0 C313 EA0B 08C7 004A 66ED 448B E78C -- [EMAIL PROTECTED] mailing list
