On Thu, Aug 04, 2011 at 11:41:04AM -0400, up(a)3.am wrote:
> We're having a pretty severe issue of a server/client app that is running out of
> xinetd generating nss_ldap errors when the primary LDAP server is down. The thing
> is, the user that this application (nagios nrpe) runs as exists in every host's
> /etc/passwd (and group) file and NOT in the Directory Server, just for this
> reason. I am wondering if this is a pam issue, but I admit I do not know to what
> extent that service users consult pam.

The xinetd daemon doesn't link with libpam, so I doubt it's an issue. I
think it's more likely that, because supplemental group membership is
retrieved from all available sources, xinetd is attempting to determine
which of the groups you've defined in the directory server the user is a
member of.

If that is indeed what's happening, then you'll want to look into
adjusting the value of the "nss_initgroups_ignoreusers" in nss_ldap's
configuration file.

HTH,
Nalin
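
A check for the situation the reply describes, as an added example that is not part of the original message: it lists local low-UID accounts from a passwd file that are missing from nss_initgroups_ignoreusers in an nss_ldap configuration file. The file locations, the UID cutoff of 500 used to pick out service accounts, and the account name "nagios" in the constructed sample are assumptions.

```shell
#!/bin/sh
# Added example: find local service accounts that nss_ldap will still look up
# in the directory during initgroups() because they are not listed in
# nss_initgroups_ignoreusers.

# ignored_users CONF: print each user named on an nss_initgroups_ignoreusers
# line (comma-separated list), one per line. Comment lines never match.
ignored_users() {
    awk '$1 == "nss_initgroups_ignoreusers" {
             $1 = ""; gsub(/[ \t]/, "")      # drop the keyword and whitespace
             n = split($0, u, ",")
             for (i = 1; i <= n; i++) if (u[i] != "") print u[i]
         }' "$1"
}

# missing_ignores CONF PASSWD [MAX_UID]: print accounts in PASSWD with a UID
# below MAX_UID (assumed cutoff for service accounts, default 500) that are
# not in the ignore list.
missing_ignores() {
    conf=$1 passwd=$2 max_uid=${3:-500}
    ignored=$(ignored_users "$conf")
    awk -F: -v max="$max_uid" '$3 ~ /^[0-9]+$/ && $3 < max { print $1 }' "$passwd" |
    while read -r user; do
        printf '%s\n' "$ignored" | grep -qxF -- "$user" || printf '%s\n' "$user"
    done
}

# Constructed sample input (not taken from the original message).
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed nss_ldap configuration excerpt' \
        'nss_initgroups_ignoreusers root,daemon' > "$d/ldap.conf"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'daemon:x:2:2:daemon:/sbin:/sbin/nologin' \
        'nagios:x:101:101::/var/spool/nagios:/sbin/nologin' \
        'alice:x:1001:1001::/home/alice:/bin/bash' > "$d/passwd"
    missing_ignores "$d/ldap.conf" "$d/passwd" 500
    rm -rf "$d"
}

demo
```

On a real host, call missing_ignores with the actual nss_ldap configuration file and /etc/passwd; any account it prints is a candidate for the ignore list.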