[389-users] xinetd app LDAP errors when LDAP server is down for non-LDAP user

Nalin Dahyabhai nalin at redhat.com
Fri Aug 5 20:15:46 UTC 2011


On Thu, Aug 04, 2011 at 11:41:04AM -0400, up at 3.am wrote:
> We're having a pretty severe issue of a server/client app that is running out of
> xinetd generating nss_ldap errors when the primary LDAP server is down.  The thing
> is, the user that this application (nagios nrpe) runs as exists in every host's
> /etc/passwd (and group) file and NOT in the Directory Server, just for this
> reason.  I am wondering if this is a pam issue, but I admit I do not know to what
> extent service users consult pam.

The xinetd daemon doesn't link with libpam, so I doubt it's an issue.  I
think it's more likely that, because supplemental group membership is
retrieved from all available sources, xinetd is attempting to determine
which of the groups you've defined in the directory server the user is a
member of.

If that is indeed what's happening, then you'll want to look into
adjusting the value of the "nss_initgroups_ignoreusers" setting in
nss_ldap's configuration file.

HTH,

Nalin
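
The check suggested in the reply above, as an added example that is not part of the original message: a script that lists local accounts missing from nss_initgroups_ignoreusers, meaning accounts whose supplemental group lookup still goes to the directory. The function names, the sample account names and the /etc/ldap.conf path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the original thread): find local accounts that
# nss_ldap will still query the directory for during initgroups().

# ignored_users <nss_ldap_conf>: print the ignore list, one name per line.
# The keyword is matched case-insensitively (a choice made for this example).
ignored_users() {
    awk 'tolower($1) == "nss_initgroups_ignoreusers" {
             $1 = ""                          # drop the keyword itself
             n = split($0, names, /[ ,\t]+/)  # names are comma-separated
             for (i = 1; i <= n; i++) if (names[i] != "") print names[i]
         }' "$1"
}

# unlisted_local_users <passwd_file> <nss_ldap_conf>: print every account in
# the passwd file that is absent from the ignore list.
unlisted_local_users() {
    ignored=$(ignored_users "$2" | tr '\n' ' ')
    awk -F: -v ignored="$ignored" '
        BEGIN { n = split(ignored, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        /^[#+-]/ || NF < 7 { next }           # comments, compat entries, junk
        !($1 in skip) { print $1 }' "$1"
}

# Demo on constructed sample files; "nagios" stands in for the NRPE service
# account, whose real name the thread does not give.
demo() {
    d=$(mktemp -d)
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
named:x:25:25:Named:/var/named:/sbin/nologin
nagios:x:496:496::/var/spool/nagios:/sbin/nologin
EOF
    cat > "$d/ldap.conf" <<'EOF'
# constructed nss_ldap configuration
uri ldap://ldap.example.test/
nss_initgroups_ignoreusers root,named
EOF
    unlisted_local_users "$d/passwd" "$d/ldap.conf"
    rm -rf "$d"
}

# On a real host (configuration path is an assumption, it varies by distro):
#   unlisted_local_users /etc/passwd /etc/ldap.conf
demo
```

Any account the script prints is one to consider adding to the comma-separated ignore list if it should keep working while the directory server is unreachable.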


