Hi, 

        I've been trying to get my ldap authentication working, something I have done before with little issue, but this time around it is causing real pain.

        Pretty much the same problems Jan HREHO was having back in February -
http://lists.freebsd.org/pipermail/freebsd-questions/2006-February/112066.html

        I tried the suggested solution to that - moving the slapd startup script into /etc/rc.d, but that didn't help, same problem just further up in the boot process.

        Another possibility I came across was putting the line 'bind_policy soft' in /etc/ldap.conf (symlinked to /usr/local/etc/ldap.conf & /usr/local/etc/nss_ldap.conf). This seemed to do the job, until I then tried to ssh onto localhost using an ldap user account. It failed with

Apr 19 22:48:10 svr1 sshd[660]: nss_ldap: could not search LDAP server - Server is unavailable
Apr 19 22:48:10 svr1 sshd[660]: fatal: login_get_lastlog: Cannot find account for uid 2000

        Removing the bind_policy from the file then retrying, it worked fine. 

        The second solution I tried was to change the slapd.sh file to just launch the daemon, i.e. '/usr/local/libexec/slapd'. This seems to work, but it is very inelegant, and it may have knock-on effects I am unaware of at this time. I'm more interested in getting the process right to set it up at this stage, rather than hacking away to get a working system (I'm working on a series of documents).

        I'm doing this on a virgin 6.0 installation, cvsuped with the latest ports, fresh install of openldap22, pam_ldap and nss_ldap.

        So the question is, is this a common problem? If not, then what am I doing wrong to create it? If so, then is there a more eloquent solution than hacking away at the startup script?

        The thread that suggests the bind_policy also mentions 'nss_reconnect_* parameters', which certainly sounds like it could be the answer, but I haven't been able to google anything about them.

Cheers, 
Martin 