pam_ldap : Impossible to connect with local account when ldap server is down

Posted by Antonin AMAND Mon, 28 Aug 2006 10:23:00 GMT

Versions (debian packages):

libnss_ldap : 251-1
libpam-ldap : 180-1

When using ldap authentification with pam_ldap, if ldap server fails it may be impossible, or very slow to login even with a local account.

This happen when libnss-ldap is configured with the option :

bind_policy hard_open

To fix this, use :

bind_policy soft

Posted in Server Administration, Debian, Unix, Linux
Tags ldap, pam
Meta no trackbacks, no comments, permalink, rss, atom

Trackbacks

Use the following link to trackback from your own site:
http://blog.gwikzone.org/trackbacks?article_id=pam_ldap-impossible-to-connect-with-local-account-when-ldap-server-is-down&day=28&month=08&year=2006

Comments

Syndicate

Gwik's corner

tech blog