Hello

Petter Reinholdtsen wrote:

Yes, it seems to be the same goal... but for ldap auth and no kerb...!!

> [Anthony Berger]
> > I try to configure the auth of all my users by an openldap server.
> > So I configure libpam-ldap libnss-ldap (with db in nsswitch.conf) and
> > nss_updatedb (with a cron to update the db users), configure the
> > libpam_ccreds to be able to auth the user even if the network is down
> > (more specially Laptop)
>
> Very interesting configuration. Is this similar to the configuration
> on <URL:http://www.flyn.org/laptopldap/laptopldap.html> for mobile
> laptops?

DNS; I haven't thought about that...!

> > If the interface is not configured, after a first auth on the ldap,
> > the user is authenticated. If an interface is NOT configured (Only
> > loopback), it takes a long, long time, and the user is not auth on
> > the ccreds file. WHAT's the problem
>
> Could it be a DNS timeout problem? Is the LDAP server listed in
> /etc/hosts? If the timeout is 3 minutes, it might be the nss-ldap
> connect call that takes forever.

I will try to put the ldap server in /etc/hosts. And yes, the timeout is approximately 3 minutes. But I don't use the libnss-ldap, I use the libnss-db, so the information is provided by a local db. (I use a cron "nss_updatedb ldap" every 10 minutes (maybe it could be more!!!))

I don't think it is due to nss ldap.

About my configuration:

- nsswitch.conf:

    passwd: files db
    shadow: files db
    group: files db
    hosts: files nis dns
    networks: files
    protocols: db files
    services: db files
    ethers: db files
    rpc: db files
    netgroup: nis

> Did you consider the nss-ldapd module? It has a local LDAP proxy
> (nslcd) doing the connections to the LDAP server, so it would have it
> easier to keep track of the connection status. How did you configure
> NSS?
>
> Happy hacking,

bye
Anthony
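
The DNS-timeout question raised in this message can be checked from the configuration alone. The Python sketch below is an added example, not part of the original message: it walks the hosts: line of the posted nsswitch.conf and reports whether a lookup of the LDAP server name is answered from /etc/hosts or falls through to the nis and dns sources, which is where an offline laptop can block. The server name ldap.example.org, its address and the hosts file contents are constructed.

```python
import re

LOCAL_SOURCES = {"files", "db"}  # read from disk; any other source is assumed to need the network

def parse_nsswitch(text):
    """Map each database to its ordered source and [action] tokens."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            database, sources = line.split(":", 1)
            table[database.strip()] = re.findall(r"\[[^\]]*\]|\S+", sources)
    return table

def hosts_file_names(text):
    """Every hostname and alias in /etc/hosts text, lowercased."""
    names = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        names.update(field.lower() for field in fields[1:])
    return names

def offline_lookup(nsswitch_text, hosts_text, hostname):
    """Return (answered_from_hosts_file, network_sources_tried_first)."""
    known = hosts_file_names(hosts_text)
    tried, local_miss = [], False
    for token in parse_nsswitch(nsswitch_text).get("hosts", []):
        if token.startswith("["):
            # [NOTFOUND=return] after a local miss ends the lookup there
            if local_miss and token.replace(" ", "").upper() == "[NOTFOUND=RETURN]":
                break
            continue
        if token == "files" and hostname.lower() in known:
            return True, tried
        local_miss = token in LOCAL_SOURCES
        if not local_miss:
            tried.append(token)
    return False, tried

# hosts: line as posted in the message; the hosts files and server name are constructed
NSSWITCH = "passwd: files db\nhosts: files nis dns\n"
HOSTS_BEFORE = "127.0.0.1 localhost\n"
HOSTS_AFTER = HOSTS_BEFORE + "192.0.2.10 ldap.example.org ldap  # constructed entry\n"

if __name__ == "__main__":
    for label, hosts in (("before", HOSTS_BEFORE), ("after", HOSTS_AFTER)):
        local, tried = offline_lookup(NSSWITCH, hosts, "ldap.example.org")
        print(label, "local" if local else "falls through to: " + ", ".join(tried))
```

The check only models the lookup order; it does not measure how long each network source takes to give up.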