> ---- > I use the following to prevent hanging at startup with LDAP. > > nss_initgroups_ignoreusers root,ldap,bacula,named > timelimit 30 > bind_timelimit 30 > bind_policy soft > > This is because some daemons start prior to the start of OpenLDAP > service. > > Obviously adding haldaemon, dbus, radvd, tomcat, etc. or other 'users' > for daemons that launch prior to your LDAP server application is useful > but those users would have to be listed in /etc/passwd|group to > significantly benefit. > > Craig Hi Craig, The problem I have with listing those ignoreusers, is you need to know in advance which services are on the system, and that's not always the case. Or if a user installs a new daemon, he'll break his start-up of the server should he ever be unable to connect to the LDAP systems. Perhaps I'm asking too much, but could anyone try the following config (in a VM or so, with networking disabled)? This is the one that is causing boots to hang indefinitely, even though there are "bind_policy soft" parameters involved. /etc/ldap.conf ======================================= ldap_version 3 base ou=people,o=company uri ldaps://srv.domain.be/ ldaps://srv2.domain.be/ scope sub timelimit 5 bind_timelimit 5 bind_policy soft idle_timelimit 15 timeout 5 # If the LDAP server is unavailable during boot, don't retry too often # or the system will hang on the System Message Bus service bind_timeout 2 #nss_reconnect_tries 2 #nss_reconnect_sleeptime 1 #nss_reconnect_maxsleeptime 3 #nss_reconnect_maxconntries 2 referrals no ssl start_tls ssl on tls_checkpeer yes tls_cacertdir /etc/openldap/cacerts pam_filter objectclass=posixAccount pam_login_attribute uid pam_min_uid 5000 pam_max_uid 6000 #pam_groupdn cn= company -shared,ou=groups,o=company pam_groupdn cn= company -managed,ou=groups,o=company pam_member_attribute memberUid pam_password md5 nss_base_passwd ou=people,o= company nss_base_shadow ou=people,o= company nss_base_group ou=groups,o= company #debug 255 #logdir /tmp/ ======================================= Or if anyone else can spot an obvious "Dude, why the f#!? did you put in those lines"-error, please inform me. :-) Thanks everyone for your interest and comments! Kind regards, Mattias