I set up an LDAP server to authenticate Linux clients. My setup was OK, and clients were authenticating against the server properly. Today, for some reason, my LDAP server went down and I tried to log on to Linux using a local account. But the clients took a long time to reach the login screen, and I became fed up with that, so I edited my /etc/nsswitch.conf file in single-user mode and removed ldap from the passwd and group sections. But then I concluded that this occurred because my LDAP client configuration was not proper. I edited my /etc/ldap.conf and entered the following entries in it.
base dc=abc,dc=del
uri ldaps://s1.abc.del ldaps://s2.abc.del
ldap_version 3
timelimit 10
bind_timelimit 10
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman
ssl yes
pam_password md5
nss_base_passwd ou=People,dc=abc,dc=del
nss_base_group dc=abc,dc=del
use_sasl off
tls_checkpeer yes
TLS_CACERTFILE /etc/pki/tls/certs/ca-bundle.crt
bind_policy hard_open
idle_timelimit 3550
Now everything is fine.
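
A way to check a client ldap.conf like the one above before relying on it, as an added example that is not part of the original post: it flags URIs that are malformed or unencrypted, missing certificate verification, and time limits that would let an unreachable server stall logins. The names parse, lint and MAX_WAIT, the 30-second ceiling and the WEAK sample are assumptions made for this example.

```python
MAX_WAIT = 30  # assumed ceiling in seconds (local policy, not from the post)

def parse(text):
    """Return {lowercased key: value} for each 'key value' line."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf

def lint(text):
    """List the settings that weaken TLS or let a dead server stall logins."""
    conf, findings = parse(text), []
    uris = conf.get("uri", "").split()
    if not uris:
        findings.append("uri: no server listed")
    for u in uris:
        scheme, sep, host = u.partition("://")
        if not sep or not host:
            findings.append(f"uri: malformed entry {u!r}")
        elif scheme != "ldaps" and conf.get("ssl") != "start_tls":
            findings.append(f"uri: {u} is not protected by TLS")
    if conf.get("tls_checkpeer") != "yes":
        findings.append("tls_checkpeer: server certificate is not verified")
    if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
        findings.append("tls_cacertfile: no CA bundle configured")
    for key in ("bind_timelimit", "timelimit"):
        value = conf.get(key, "")
        if not (value.isdigit() and 0 < int(value) <= MAX_WAIT):
            findings.append(f"{key}: not set to 1..{MAX_WAIT} seconds")
    return findings

# Settings taken from the post above.
POSTED = """\
uri ldaps://s1.abc.del ldaps://s2.abc.del
timelimit 10
bind_timelimit 10
ssl yes
tls_checkpeer yes
TLS_CACERTFILE /etc/pki/tls/certs/ca-bundle.crt
"""

# Constructed weak variant: plaintext URI, stray space, no peer check.
WEAK = """\
uri ldap://s1.abc.del ldaps:// s2.abc.del
ssl no
tls_checkpeer no
bind_timelimit 120
"""
```

Calling lint(POSTED) returns an empty list, while lint(WEAK) returns one finding per problem, including the two URI fragments produced by the stray space.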