nss_ldap + sssd for hostname resolution

Nalin Dahyabhai nalin at redhat.com
Mon Jun 13 20:00:45 UTC 2011


On Mon, Jun 13, 2011 at 03:45:50PM -0400, Luc Lalonde wrote:
> Hello Folks,
> 
> I can't seem to get a combination that was working with Fedora 13 to work with Fedora 15.
> 
> In Fedora 13 I would use these settings in /etc/nsswitch.conf:
> 
> hosts:      files dns ldap

I really would recommend not doing that -- the LDAP client libraries
tend to depend on hostname resolution, so using them for hostname
resolution has often caused problems when 'files' or 'dns' couldn't come
up with an answer that was asked for while connecting to the directory
server.  In those cases, the nss_ldap module would then recurse into
itself.  If the host name resolution path involved taking a lock, the
process would get stuck, and if it didn't, it would encounter the same
problem and keep recursing until it crashed.

> And in /etc/ldap.conf:
> 
> nss_base_hosts          ou=Hosts,dc=foobar,dc=org?one
> 
> If I try to do this on Fedora 15, it doesn't work at all.   Is there a way to do this without having to install 'nss_ldap'?   I also would like to get the 'netgroups' from LDAP... this was also working with Fedora 13.

If you're using nss-pam-ldapd, you'd want to put something like this in
your /etc/nslcd.conf and make sure the nslcd service is started:
  base hosts ou=Hosts,dc=foobar,dc=org?one

HTH,

Nalin
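
The recursion risk described in the reply can be checked for before deployment. The following is an added example, not part of the original message or of nss_ldap/nss-pam-ldapd: it flags `ldap` on the `hosts:` line and any LDAP server name that neither is an IP literal nor appears in /etc/hosts. It assumes the server is configured through `uri` lines; the server name `ldap.foobar.org` and the sample file contents are constructed.

```python
import ipaddress
import re
from urllib.parse import urlparse

def hosts_sources(nsswitch_text):
    """Ordered sources on the 'hosts:' line, with [STATUS=action] items dropped."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line.startswith("hosts:"):
            return re.sub(r"\[[^\]]*\]", " ", line[len("hosts:"):]).split()
    return []

def ldap_uri_hosts(ldap_conf_text):
    """Host parts of every URI on 'uri' lines (assumed way the server is set)."""
    hosts = []
    for raw in ldap_conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if parts and parts[0].lower() == "uri":
            hosts += [h for h in (urlparse(u).hostname for u in parts[1:]) if h]
    return hosts

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def in_hosts_file(host, hosts_text):
    """True if 'files' can answer for this name from /etc/hosts."""
    return any(host.lower() in raw.split("#", 1)[0].lower().split()[1:]
               for raw in hosts_text.splitlines())

def audit(nsswitch_text, ldap_conf_text, hosts_text):
    if "ldap" not in hosts_sources(nsswitch_text):
        return []
    findings = ["hosts: uses 'ldap', so name lookups can re-enter the LDAP client"]
    for host in ldap_uri_hosts(ldap_conf_text):
        if not is_ip_literal(host) and not in_hosts_file(host, hosts_text):
            findings.append(f"server '{host}' is not an IP literal or in /etc/hosts")
    return findings

# Constructed sample input; ldap.foobar.org is a made-up server name.
NSSWITCH = "passwd: files ldap\nhosts:      files dns ldap\n"
LDAP_CONF = "uri ldap://ldap.foobar.org/\nnss_base_hosts ou=Hosts,dc=foobar,dc=org?one\n"
HOSTS = "127.0.0.1 localhost\n"

if __name__ == "__main__":
    print("\n".join(audit(NSSWITCH, LDAP_CONF, HOSTS)))
```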

