From brooks at one-eyed-alien.net Fri Jan 20 09:00:39 2006
From: brooks at one-eyed-alien.net (Brooks Davis)
Date: Fri Jan 20 09:00:52 2006
Subject: Using [Open]LDAP for authentication
In-Reply-To: <200601201130.18872.doconnor@gsoft.com.au>
References: <200601201130.18872.doconnor@gsoft.com.au>
Message-ID: <20060120170032.GA23901@odin.ac.hmc.edu>
On Fri, Jan 20, 2006 at 11:30:10AM +1030, Daniel O'Connor wrote:
> Hi,
> I use OpenLDAP for authentication in conjunction with nss_ldap and pam_ldap
> (and samba). I use the RCORDER port option so it put the startup file
> in /etc/rc.d.
>
> In 5.4 this worked fine - it started up correctly and in the right place.
> However I upgraded to 6.0-STABLE (11/12/05) and when I ran mergemaster I
> accidentally told it to delete the rc.d file (doh..) I then upgraded to a
> slightly later version of openldap (a newer version of openldap23-server).
>
> The problem now is that OpenLDAP appears to start very late, since lots of
> things need to do nss_ldap lookups it means bootup is very glacial as they
> timeout.
>
> In the end I hacked up /etc/rc.d/SERVERS to require slapd and took the SERVERS
> requirement out of /etc/rc.d/slapd
>
> I wonder if there should be another dummy rc.d file which marks where services
> that supply passwd/group/etc information are available and then SERVERS can
> depend on that (because a lot of servers need to be able to change to another
> user ID after starting).
>
> Then again maybe my nsswitch.conf is broken as I have..
> group: ldap files
> hosts: files dns
> networks: files
> passwd: ldap files
> shells: files
>
> Maybe I should swap files and ldap around.. Hmm I'll try that and see :)
>
> Even if that does fix it, I think it would be good to be able to run OpenLDAP
> as early as practical.
Files should definitely come first and services that start before DAEMON,
and possibly before LOGIN should really have their necessary users and
groups in local files. Nothing that requires user accounts or performs
actions on behalf of users should start before LOGIN.
-- Brooks
--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
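
The source ordering discussed in this thread can be checked mechanically. The following is an added example, not part of the original messages: `check_nsswitch` and `poster_conf` are hypothetical names, and treating ldap/nis/nisplus/winbind as network sources and files/compat as local ones is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: flag nsswitch.conf databases that consult a network
# directory before local files (the boot-time stall described above).

# The nsswitch.conf quoted in the thread.
poster_conf() {
    cat <<'EOF'
group: ldap files
hosts: files dns
networks: files
passwd: ldap files
shells: files
EOF
}

# check_nsswitch FILE [DB...]   (FILE may be "-" for stdin)
# Prints one line per database whose first usable source is a network
# directory rather than local files; returns 1 if anything was flagged.
# Assumption: ldap/nis/nisplus/winbind are network, files/compat are local.
check_nsswitch() {
    conf=$1; shift
    [ $# -gt 0 ] || set -- passwd group
    awk -v dbs="$*" '
    BEGIN { n = split(dbs, w, " "); for (i = 1; i <= n; i++) need[w[i]] = 1 }
    {
        sub(/#.*/, "")              # strip comments
        gsub(/\[[^]]*\]/, " ")      # drop [STATUS=action] criteria
        sub(/:/, ": ")              # tolerate "passwd:ldap"
        if (NF < 2 || $1 !~ /:$/) next
        db = substr($1, 1, length($1) - 1)
        if (!(db in need)) next
        for (i = 2; i <= NF; i++) {
            if ($i == "files" || $i == "compat") break
            if ($i ~ /^(ldap|nis|nisplus|winbind)$/) {
                printf "%s: %s is consulted before local files\n", db, $i
                bad = 1
                break
            }
        }
    }
    END { exit bad + 0 }' "$conf"
}

# Demo on the configuration from the thread.
poster_conf | check_nsswitch - || echo "suggested order: files ldap"
```

Run it against `/etc/nsswitch.conf` after any change to the passwd or group lines; a database that lists no local source at all is flagged the same way.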