[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP auth server

To: <openldap-software@OpenLDAP.org>
Subject: OpenLDAP auth server
From: "Terry Ewing" <openldap@deadtrout.com>
Date: Thu, 7 Feb 2002 11:12:36 -0500

Hello all,
   I'm trying to set up LDAP authentication on Solaris servers using
OpenLDAP 2.0.19 and the PADL_PAM and PADL_NSS drivers.  I have everything
working fine so far.  slapd is running in debug mode and I can see queries
made when I do an ls -l on a client box.  I added an entry into the ldap
database for a test user called "ldapguy", chowned a file to his uid and his
name appears as the owner of the file when I do an ls -l.  This confirms
that nss is using LDAP correctly.

   Here's my concern: I killed slapd on the authentication server and
restarted it.  Now the client machine is not communicating with the ldap
server any more.  Do the PADL_NSS and PADL_PAM modules use persistent
connections or do they open a socket for each request?  Are they robust
enough to handle a downed LDAP server and reestablish new sockets?  Is the
information cached on the client side?

   I know many people are using this setup in production Solaris
environments and I doubt they'd be willing to do so if they had to reboot
each client machine after a glitch in the LDAP server process.  Is there
something I'm missing?


Specific info about my testlab:
2 Netra T1 servers each running Solaris 8 (04/01)
openldap 2.0.19 on ldap server
ANDIrand-0.7-5.8 on both server and client to provide /dev/random and
/dev/urandom
nss_ldap and pam_ldap from PADL running on client machine


Thanks,
Terry Ewing

Follow-Ups:
- Outlook and openldap
  - From: "Kamesh Patel" <kamesh.patel@emsgroup.co.uk>

Prev by Date: RE: Encrypting attributes of my choice
Next by Date: Re: dc's in the suffix and adding the node to the tree
Index(es):
- Chronological
- Thread