This occurs because, on boot, the server it checking all users for all groups, and this takes about a day (depending of your config). Another work-around, the one I opted for, is using the 'nss_initgroups_ignoreusers' in /etc/ldap.conf. At a minimum, you'll need 'root' in the list.
# work-around for the nsswitch group issue nss_reconnect_tries 3 nss_initgroups_ignoreusers root,ldap,named,haldaemon,radiusd,linux_admin Thanks, Joe ---------------------------------------- > From: [email protected] > To: [email protected] > Subject: Re: /etc/nsswitch cause delay in start > Date: Wed, 25 Nov 2009 08:34:33 +0100 > CC: [email protected] > > On Wednesday, 25 November 2009 05:55:07 vishesh kumar wrote: >> Dear friends >> >> I am facing a unique problem in openldap 2.3.43 on rhel 5. 2. If i specify >> ldap in /etc/nsswitch.conf like >> >> passwd files ldap >> shadow files ldap >> group files ldap >> >> >> And then start my ldap server, it takes lots of time to start ldap server. >> >> If i remove ldap from /etc/nsswitch.conf , it start immediately. >> >> >> Can anyone suggest be any solution for this problem. > > Easiest workaround is: > > echo "bind_policy soft">> /etc/ldap.conf > > (Note, this is an nss_ldap issue, and delays during startup of a machine can > be seen in the case where OpenLDAP is not running locally) _________________________________________________________________ Hotmail: Trusted email with Microsoft's powerful SPAM protection. http://clk.atdmt.com/GBL/go/177141664/direct/01/ http://clk.atdmt.com/GBL/go/177141664/direct/01/
