Re: No timeout for nss_ldap?

Tony Earnshaw skrev, on 02-01-2008 18:14:

>> bind_policy soft
>
> Which, unless he alters other things, like nss_initgroups_ignoreusers
> will most probably bring him to a never-ending hang on his next reboot.
>
> Been there, seen it, done it (on production machines: The clientèle is
> *not* particularly forgiving until one's sassed it out).

I take this back, this is rubbish, written by me; Jamin W. Collins was
right.

However, the point is, that there are certain nss_ldap services that
need bind_policy hard/hard_open to work properly. Moving these to
"bind_policy soft" will effectively disenable them. So after a reboot
their config has to be changed back again to bind_policy hard/hard_open.
Granted that's crap, but it has to be done for those services, *unless*
one can isolate them and change services' startup order.

--Tonni

--
Tony Earnshaw
Email: tonni at hetnet dot nl