[CentOS] CentOS 5.3 LDAP problem.

Tue Sep 29 16:35:28 UTC 2009
Craig White <craigwhite at azapple.com>

On Tue, 2009-09-29 at 11:20 -0500, Dan Burkland wrote:
> I experienced the same problem and found a solution. In your /etc/ldap.conf file (which I had the ldap.conf in /etc/openldap symlinked to), add the following line to the bottom of the file:
> 
> nss_initgroups_ignoreusers root,haldaemon,dbus,ldap,sshd (any other group that is locally stored and used by applications go here)
> 
----
having these lines in /etc/ldap.conf has helped me a lot...

timelimit 30
bind_timelimit 30
bind_policy soft
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus

As for symlinking /etc/ldap.conf to /etc/openldap/ldap.conf...

that's a bad idea because they serve different purposes. OpenLDAP
developers have often lamented that padl chose to name their settings
file with the same name and it just creates confusion.

/etc/ldap.conf is for nss/padl 

/etc/openldap/ldap.conf is for users who execute openldap client
programs such as ldapsearch/ldapmodify/etc.

The file contents are necessarily different.

Craig
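
A check for the layout described in this message, as an added example that is not part of the original post. It flags the case where /etc/ldap.conf and /etc/openldap/ldap.conf are one file and checks the nss settings quoted above; the function names, the ROOT argument and the demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the two ldap.conf files.
# The optional ROOT argument is an assumption of this sketch; it lets the
# check run against a constructed tree instead of the live /etc.

# conf_value FILE KEY: print the value of the last uncommented KEY line.
conf_value() {
    awk -v k="$2" '$1 == k { $1 = ""; sub(/^[ \t]+/, ""); v = $0 }
                   END { print v }' "$1"
}

# Print one finding per line; print nothing when the layout matches the advice.
audit_ldap_conf() {
    root=${1:-}
    nss="$root/etc/ldap.conf"                # read by nss_ldap (PADL)
    client="$root/etc/openldap/ldap.conf"    # read by ldapsearch, ldapmodify, ...

    # -ef is true for a symlink in either direction and for a hard link.
    if [ "$nss" -ef "$client" ]; then
        echo "SAME_FILE: $nss and $client are one file; keep them separate"
    fi
    [ -f "$nss" ] || { echo "MISSING: $nss"; return 0; }

    policy=$(conf_value "$nss" bind_policy)
    [ "$policy" = "soft" ] || echo "BIND_POLICY: want 'soft', found '${policy:-unset}'"

    # Accounts that appear in both ignore lists quoted in the thread.
    ignore=$(conf_value "$nss" nss_initgroups_ignoreusers)
    for u in root ldap haldaemon dbus; do
        case ",$ignore," in
            *",$u,"*) ;;
            *) echo "IGNOREUSERS: $u not in nss_initgroups_ignoreusers" ;;
        esac
    done
    return 0
}

# Constructed demo tree reproducing the symlinked layout described above.
demo=$(mktemp -d)
mkdir -p "$demo/etc/openldap"
printf '%s\n' 'bind_policy soft' \
    'nss_initgroups_ignoreusers root,ldap,haldaemon,dbus' > "$demo/etc/ldap.conf"
ln -s ../ldap.conf "$demo/etc/openldap/ldap.conf"
audit_ldap_conf "$demo"
rm -rf "$demo"
```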

