[389-users] With LDAP server stopped, local authentication fails...
Sean Carolan
scarolan at gmail.com
Thu Feb 11 18:05:55 UTC 2010
> But if --enableldap is changed to --disableldap, then the local users
> can log on and run sudo commands fine. This of course is all while
> the LDAP server is down.
I may have narrowed down the problem a bit. Inside /etc/nsswitch.conf
there is a line that looks like this:
group: files ldap
It's as if the local system is searching for some group data on the
ldap server, but is never able to reach it so it just sits there and
hangs. If I remove the 'ldap' part from the end, logins work fine
with no issues even when the ldap server is down.
So my questions are:
1. Why is this group line gumming up the entire authentication process?
2. Do I need "ldap" on the group line? If I take it out how will it
affect my running systems?
More information about the 389-users
mailing list