Petter Reinholdtsen wrote:
> [Anthony Berger]
>> I try to configure the auth of all my users by an openldap server. So I configure libpam-ldap libnss-ldap (with db in nsswitch.conf) and nss_updatedb (with a cron to update the db users) configure the libpam_ccreds to be able to auth the user even if the network is down (more specially Laptop)
> Very interesting configuration. Is this similar to the configuration on <URL:http://www.flyn.org/laptopldap/laptopldap.html> for mobile laptops?

Yes, it seems to be the same goal... but for ldap auth and no kerb...!!

>> If the interface is not configured, after a first auth on the ldap, the user authenticated. If an interface is NOT configured (Only loopback), it takes a long, long time, and the user is not auth on the ccreds file. What's the problem
> Could it be a DNS timeout problem? Is the LDAP server listed in /etc/hosts? If the timeout is 3 minutes, it might be the nss-ldap connect call that takes forever.

DNS; I haven't thought about that...!
I will try to put the ldap server in /etc/hosts
Yes, the timeout is approximately 3 minutes. But I don't use the libnss-ldap, I use the libnss-db so the information is provided by a local db.
(I use a cron "nss_updatedb ldap" every 10 minutes (maybe it could be more!!!) )
I don't think it is due to nss ldap.

> Did you consider the nss-ldapd module? It has a local LDAP proxy (nslcd) doing the connections to the LDAP server, so it would have it easier to keep track of the connection status. How did you configure NSS?

About my configuration:
passwd: files db
shadow: files db
group: files db
hosts: files nis dns
protocols: db files
services: db files
ethers: db files
rpc: db files
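
Added example, not part of the original message: a static check of the two hypotheses raised in this exchange, namely whether account lookups touch the network and whether resolving the LDAP server name would fall through to nis/dns when no interface is up. The nsswitch.conf lines are the ones posted above; the hosts file contents, the server name ldap.example.org and its address are constructed.

```python
import ipaddress
import re

NETWORK_SOURCES = {"ldap", "nis", "nisplus", "dns"}

def parse_nsswitch(text):
    """Map each nsswitch.conf database to its ordered source list."""
    table = {}
    for line in text.splitlines():
        # Drop comments and [STATUS=action] items, keep only source names.
        line = re.sub(r"\[[^\]]*\]", " ", line.split("#", 1)[0])
        if ":" in line:
            db, sources = line.split(":", 1)
            table[db.strip()] = sources.split()
    return table

def hosts_file_names(text):
    """Every hostname and alias listed in /etc/hosts text."""
    names = set()
    for line in text.splitlines():
        names.update(f.lower() for f in line.split("#", 1)[0].split()[1:])
    return names

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def offline_findings(nsswitch_text, hosts_text, ldap_host):
    """List lookups that would need the network while no interface is up."""
    nss = parse_nsswitch(nsswitch_text)
    findings = []
    for db in ("passwd", "shadow", "group"):
        net = [s for s in nss.get(db, []) if s in NETWORK_SOURCES]
        if net:
            findings.append(f"{db}: uses network source(s) {net}")
    order = nss.get("hosts", [])
    listed = ldap_host.lower() in hosts_file_names(hosts_text)
    # Sources consulted before a local /etc/hosts hit (all of them if no hit).
    tried = order[:order.index("files")] if listed and "files" in order else order
    net = [s for s in tried if s in NETWORK_SOURCES]
    if net and not is_ip_literal(ldap_host):
        findings.append(f"hosts: resolving {ldap_host} consults {net} before any /etc/hosts match")
    return findings

# nsswitch.conf lines as posted in the thread; hosts files are constructed samples.
NSSWITCH = "passwd: files db\nshadow: files db\ngroup: files db\nhosts: files nis dns\n"
HOSTS_BEFORE = "127.0.0.1 localhost\n"
HOSTS_AFTER = HOSTS_BEFORE + "192.0.2.10 ldap.example.org ldap\n"
```

With the posted configuration the account databases produce no finding, and the only network dependency reported is name resolution of the LDAP server until it is listed in /etc/hosts.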