On 10/22/07, Bertram Scharpf <[EMAIL PROTECTED]> wrote: > Hi, > > Am Montag, 22. Okt 2007, 13:44:19 +0100 schrieb Benjamin Smee: > > On Monday 22 October 2007 13:12:29 Bertram Scharpf wrote: > > > > > > @(#) $OpenLDAP: slapd 2.3.38 (Oct 18 2007 22:12:26) $ > > > [EMAIL > > > PROTECTED]:/var/tmp/portage/net-nds/openldap-2.3.38/work/openldap-2.3.38/ > > >servers/slapd nss_ldap: failed to bind to LDAP server ldap://127.0.0.1: > > > Can't contact LDAP server nss_ldap: failed to bind to LDAP server > > > ldap://127.0.0.1/: Can't contact LDAP server nss_ldap: failed to bind to > > > LDAP server ldapi://%2fvar%2frun%2fldapi_sock/: Can't contact LDAP server > > > ... > > > nss_ldap: could not search LDAP server - Server is unavailable > > > > > > I found out that the Gentoo init script activates the > > > options "-u ldap -g ldap". Without them, the error messages > > > do not appear. Therefore I suppose the slapd daemon tries to > > > obtain passwd/shadow information for ldap via nss_ldap. At > > > least when I say "compat" in nsswitch.conf, the error > > > message doesn't appear as well. > > > > instead of -u ldap -g ldap, try putting in the UID and GID. This should stop > > the calls to the server. > > I forgot to mention that I tried this, too. The same > messages appear. > > Is there a way to determine _what_ nss is asked for?
Sure, turn on nscd in super debug mode and you should see most, if not all the requests. -Alec > > > > I even tried to chown the > > > shadow file to ldap but this didn't save me from the weird > > > messages either. > > > > Don't play with the perms on /etc/shadow, you're just openning up security > > holes. > > That was just for a minute. Of course I recovered the > previous state immediately. > > Thanks anyway so far, > > Bertram > > > -- > Bertram Scharpf > Stuttgart, Deutschland/Germany > http://www.bertram-scharpf.de > -- > [EMAIL PROTECTED] mailing list > > -- [EMAIL PROTECTED] mailing list