Re: (ITS#5354) slapd repeatedly hangs and stops reponding
- To: Howard Chu <hyc@symas.com>
- Subject: Re: (ITS#5354) slapd repeatedly hangs and stops reponding
- From: Oren Laadan <orenl@cs.columbia.edu>
- Date: Mon, 11 Feb 2008 00:45:35 -0500
- Cc: OpenLDAP Software List <openldap-software@openldap.org>
- In-reply-to: <47ACAD77.3000405@symas.com>
- Organization: Columbia University
- References: <200802080137.m181bVvl070754@boole.openldap.org> <47ABFF9E.2020701@sys-net.it> <47AC784D.3050901@cs.columbia.edu> <47AC835F.3020108@symas.com> <47AC9B1B.5050004@cs.columbia.edu> <47AC9E81.8030409@symas.com> <47ACAAC9.1020802@cs.columbia.edu> <47ACAD77.3000405@symas.com>
- User-agent: Thunderbird 2.0.0.9 (X11/20071031)
Hi,
Thanks to a suggestion in the -software list, (see
http://www.openldap.org/lists/openldap-software/200802/msg00136.html)
one solution for my config is to use the local DB as a subordinate
of an ldap backend that works with the remote server. (also suggested
by Howard Chu, but the config wasn't suitable). The resulting config is:
http://www.openldap.org/lists/openldap-software/200802/msg00153.html
Howard Chu wrote:
> Oren Laadan wrote:
>> Howard Chu wrote:
>> [SNIP]
>> Taking a step back: we have a departmental LDAP server for user auth,
>> (posix) groups, autofs maps and so on. In my group, we add to the DB
>> groups and autofs maps that do not exist on the remote server, so a
>> user on our machines can belong to additional groups.
>> [SNIP]
>> not know if I can structure it differently. Ideally I could add entries
>> to the remote database, but that is impossible. The remote server
>> gives DN dc=MAIN,dc=EXAMPLE,dc=COM, which is what I made the local
>> server give (via the meta backend) and which is what the clients are
>> using as their base DN.
> Since it appears that you just need to make your data work with
> pam_ldap/nss_ldap I suggest you (1) keep your local data in a distinct
> subtree and (2) read the pam/nss_ldap documentation regarding the use of
> multiple service search descriptors. There's no reason to be using
> suffixmassage here.
Thanks for the suggestion; nss_ldap can have a directive "nss_base_<map>"
to specify server(s) for a particular map. This indeed does the trick to
extend passwd and group. I didn't find a mention of autofs maps, though.
I ended up using the 'subordinate' trick at the server side, as it seems
more generic and requires a change only at the server. It seems to work.
Thanks to all those that tried to help!
Oren.