Kostik Belousov wrote: > [Removed questions] > > On Fri, Apr 24, 2009 at 04:16:51PM +0200, Ruben de Groot wrote: > >> On Fri, Apr 24, 2009 at 12:34:01PM +0200, Ivan Voras typed: >> >>> O. Hartmann wrote: >>> >>>> Since several months after a upgrade from OpenLDAP 2.4.11 to the most >>>> recent one I have trouble login in on machines which authenticate users >>>> via OpenLDAP. >>>> >>>> >>> I've just installed a fresh machine with FreeBSD 7.2 amd64 and OpenLDAP >>> 2.4.latest and it works. The only difference might be that I'm using nscd. >>> >>> Have you modified /etc/pam.d files? >>> >> I had a problem with nss_ldap and openldap over ssl. This patch fixed it: >> >> http://www.freebsd.org/cgi/query-pr.cgi?pr=133501&cat=ports >> > > Actually, bug reports against threading library in 7.0/7.1 should > be rechecked against upcoming 7.2, since libthr got a complete sync > with HEAD. In particular, several issues were fixed that are related > to fork and threads interaction. > > If the issue is still present in 7.2, then the best way to start some > progress is to get isolated failing test case for libthr. > The problem I specifically mentioned affects the same way a pure FreeBSD 8.0-CURRENT/amd64 installation and is identical to that what I see with FreeBSD 7.2-STABLE. I change the order of look-for-targets in /etc/nsswitch.conf: previously not working and triggering issues I reported: group: files ldap passwd: files ldap working after exchanging order: group: ldap files passwd: ldap files This is weird! After I changed that, the first attempt issuing the passowrd now takes 20 seconds to respond even for local users, if I hit return for the first passwd-attempt and issuing the passd on second attempt runs immediately towards expected login. Intention of having first files looked up was: sometimes LDAP is dead or we make tests and can not reach LDAP, so we need to login via local stored users. Having first LDAP consulted makes a login a desaster: after a minute some boxes cancel login attempt caused by timeout. That's fun. Even with passwd: ldap [unavail=continue notfound=continue] files [success=return notfound=return] group: ldap [unavail=continue notfound=continue] files [success=return notfound=return] it fails. There is something wrong, not specifically with 7.2. OliverReceived on Sat Apr 25 2009 - 14:32:19 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:46 UTC