Arthur de Jong wrote:
> On Tue, 2009-04-21 at 15:22 -0500, Douglas E. Engert wrote:
>>> Your analysis makes sense to me. But at the moment I'm no longer
>>> interested in nss-ldap since nss-ldapd ( + slapd nssov) works better
>>> and offers easier administration.
>> Sounds interesting, but we are trying to stick with what is offered by
>> Ubuntu.
>
> FWIW some releases of Ubuntu have nss-ldapd (libnss-ldapd) but I would
> avoid version 0.5. The 0.6.7 release is known to work quite well and is
> included in Debian stable. There is however no packaged version of the
> nssov in slapd as far as I know (but you can use nss-ldapd without it).
Thanks, we will have to look at that.
I did see in the archives that Howard Wilkinson on Dec 9, 2008
"Mega patch against nss_ldap 264" said:
"My intention with this is to make the critical path through the code run
the minimal code when a connection to the LDAP server exists, make
recovery on failure more resilient, and provide for multiple SASL mechs
without need to alter the ldap-nss code."
If it handles the cases where do_result fails, and timeout and connection
errors reconnect to any server that may fix the issue I have seen.
>
> Since we're working hard on a PAM module (actually Howard Chu is doing
> all the hard work at the moment) as a side effect we may also make it
> more easily possible to use the nss-ldapd NSS module together with a
> packaged slapd-nssov package (if such a package would be made).
>
> (it's a bit awkward to post a more or less nss-ldapd promotional message
> on the nss_ldap list)
>
--
Douglas E. Engert <
DEEngert@...>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444
