pam_ldap : Impossible to connect with local account when ldap server is down
Versions (debian packages):
- libnss_ldap : 251-1
- libpam-ldap : 180-1
When using ldap authentification with pam_ldap, if ldap server fails it may be impossible, or very slow to login even with a local account.
This happen when libnss-ldap is configured with the option :
bind_policy hard_open
To fix this, use :
bind_policy soft
