[CentOS] nss_ldap failed to bind to LDAP server 127.0.0.1

Wed Feb 20 01:05:45 UTC 2008
Craig White <craigwhite at azapple.com>

On Tue, 2008-02-19 at 16:24 -0800, Hugh E Cruickshank wrote:
> From: Craig White Sent: February 19, 2008 16:08
> > On Tue, 2008-02-19 at 16:05 -0800, Hugh E Cruickshank wrote:
> > > From: Craig White Sent: February 19, 2008 15:31
> > > > 
> > > > On Tue, 2008-02-19 at 14:09 -0800, Hugh E Cruickshank wrote:
> > > > > 
> > > > >   Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: failed to bind to
> > > > >   LDAP server 127.0.0.1: Can't contact LDAP server
> > > > >   Feb 17 19:46:18 fisds0 named[23187]: nss_ldap: reconnecting to
> > > > >   LDAP server...
> > > > > 
> > > > > > However the errors are still being reported in the messages log
> > > > > > file.
> > > > > > The errors are valid as we do not have an LDAP server (on my list
> > > > > > for a future project). What I am trying to figure out is why it is
> > > > > > looking for one. I have done some additional google searching but I
> > > > > > have not found any definitive answers. From what I have seen I
> > > > > > suspect that the problem lies with our /etc/nsswitch.conf file and
> > > > > > that I need to change references to "file ldap" to just "files".
> > > > >
> > > >  
> > > > I have to use these in CentOS 5.x
> > > > 
> > > > tail -n 4 /etc/ldap.conf
> > > > timelimit 30
> > > > bind_timelimit 30
> > > > bind_policy soft
> > > > nss_initgroups_ignoreusers root,ldap
> > > > 
> > > 
> > > Thanks for the suggestion but these would appear to control the way
> > > that LDAP behaves. Since we do not have an LDAP server I would think
> > > that they would be superfluous. What I really need to do is stop
> > > things from looking for an LDAP server in the first place.
> > > 
> > 
> > gotcha
> > 
> > what is in /etc/nsswitch.conf ?
> > 
> 
> Back to my original question then....
> 
>   The errors are valid as we do not have an LDAP server. What I am
>   trying to figure out is why it is looking for one. I have done some
>   additional google searching but I have not found any definitive
>   answers. From what I have seen I suspect that the problem lies with
>   our /etc/nsswitch.conf file and that I need to change references
>   to "file ldap" to just "files".
> 
> Here are the (essential) contents of the /etc/nsswitch.conf file:
> 
> passwd:     files ldap
> shadow:     files ldap
> group:      files ldap
> hosts:      files dns
> bootparams: files
> ethers:     files
> netmasks:   files
> networks:   files
> protocols:  files ldap
> rpc:        files
> services:   files ldap
> netgroup:   files ldap
> publickey:  files
> automount:  files ldap
> aliases:    files
----
dude - if you aren't running an ldap server, there is absolutely no
reason to have nsswitch.conf tell it to look for an ldap server.

remove all the references to ldap since you don't have an ldap server

Craig
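
The cleanup recommended in the reply above, as an added example that is not part of the original message: a shell sketch that lists which nsswitch.conf databases still name `ldap` and prints a proposed file with that source (and any `[action]` bound to it) removed. The function names `list_source_dbs` and `strip_source` are hypothetical, and the sample file is constructed.

```shell
#!/bin/sh
# Added example: find and remove an unused source (default: ldap) in nsswitch.conf.

# list_source_dbs FILE [SOURCE]: print each database whose lookup order names SOURCE.
list_source_dbs() {
    awk -v src="${2:-ldap}" '
        { sub(/#.*/, "") }                      # ignore comments
        $1 ~ /:$/ {
            for (i = 2; i <= NF; i++)
                if ($i == src) { sub(/:$/, "", $1); print $1; break }
        }' "$1"
}

# strip_source FILE [SOURCE]: print FILE with SOURCE, and any [action] bound to it, removed.
strip_source() {
    awk -v src="${2:-ldap}" '
        /^[ \t]*#/ || $1 !~ /:$/ { print; next }    # comments and blank lines pass through
        {
            out = sprintf("%-11s", $1); drop = 0; inact = 0; kept = 0; rest = 0
            for (i = 2; i <= NF; i++) {
                if (rest || $i ~ /^#/) { rest = 1; out = out " " $i; continue }
                if (inact) { if ($i ~ /\]$/) inact = 0; continue }
                if ($i == src) { drop = 1; continue }
                if (drop && $i ~ /^\[/) { if ($i !~ /\]$/) inact = 1; continue }
                drop = 0; kept++; out = out " " $i
            }
            # A database left with no source is printed unchanged for manual review.
            if (kept) print out; else print
        }' "$1"
}

# Constructed sample: four lines as in the thread plus one constructed line with an action item.
demo() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
passwd:     files ldap
hosts:      files dns
services:   files ldap
automount:  files ldap
netgroup:   files ldap [NOTFOUND=return] nis
EOF
    echo "databases still pointing at ldap:"; list_source_dbs "$f"
    echo "proposed file:"; strip_source "$f"
    rm -f "$f"
}
demo
```

Compare the output of `strip_source /etc/nsswitch.conf` against the live file with `diff` before installing it, and keep a backup copy of the original.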