Re: RE: [pamldap] if ldap server is down - no ssh prompt or local logins work

On Tuesday 07 March 2006 14:15, Berend De Schouwer wrote:

> > bind_policy soft
>
> bind_policy soft does not work for me.  I tested it, because it looked
> like a solution.  I can't remember the exact details, but I'll try:
>
> If you have multiple hosts specified, and one works, nss_ldap binds to
> that.  If that server goes down,  and bind_policy is soft, it does not
> try the others -- it just assumes the server is down, and that's it.
>
> I've got more than one LDAP server.  I want it to use more than one, and
> only stop warning when all three stop responding (network down.)  I
> have to use bind_policy hard.

Works for me with:

# grep ^host /etc/ldap.conf
host   192.168.0.51 localhost
# grep ^passwd /etc/nsswitch.conf
passwd:     files ldap
# grep ^bgmilne /etc/passwd
#

1)First host in the list is up:

# telnet 192.168.0.51 389
Trying 192.168.0.51...
Connected to 192.168.0.51 (192.168.0.51).
Escape character is '^]'.
^]
telnet> Connection closed.
# getent passwd bgmilne
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
#


2) First host in the list is down:

# ifconfig eth0 down
# telnet 192.168.0.51 389
Trying 192.168.0.51...
telnet: connect to address 192.168.0.51: Network is unreachable
telnet: Unable to connect to remote host: Network is unreachable
# getent passwd bgmilne
bgmilne:x:501:501:Buchan Milne:/home/bgmilne:/bin/bash
# /etc/init.d/ldap stop
Stopping slapd:                                                 [  OK  ]
# getent passwd bgmilne
#


I'm currently running nss_ldap 245.

Have you got another way of reproducing your problem?

Regards,
Buchan
-- 
Buchan Milne
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

pgpP6ijbrQmCQ.pgp
Description: PGP signature