Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Linux, LDAP, and nsswitch.conf's "hosts"

73 views
Skip to first unread message

Michael Peek

unread,
Nov 12, 2009, 10:10:02 AM11/12/09
to
Hi again gurus,

I'm in the process of converting our organization from NIS to LDAP. I
have an LDAP server set up and working, i.e.

1) ldapsearch -x returns stuff
2) id <username> returns the correct information

And maybe I misunderstand, but it's my understanding that I can use LDAP
to also set up a list of known hosts -- i.e. a replacement for the NIS
hosts.byname map. So I:

1) Set up a ou=hosts,dc=nimbios,dc=org entry in the database
2) In /etc/ldap/ldap.conf, I set: nss_base_hosts ou=hosts,dc=nimbios,dc=org
2) In /etc/nsswitch.conf I set: hosts: files ldap dns

But when I do so the networking freezes on the client until I remove the
"ldap" from the "hosts" entry in /etc/nsswitch.conf.

Do I misunderstand how this is supposed to work? I would have thought
that if the hosts lookup in LDAP failed then it would fall through to DNS.

Thanks for your help,

Michael


--
To UNSUBSCRIBE, email to debian-us...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listm...@lists.debian.org

Laurent Guignard

unread,
Nov 15, 2009, 7:10:03 AM11/15/09
to
On Thu, 12 Nov 2009 10:00:46 -0500, Michael Peek wrote:
> Hi again gurus,
>
> I'm in the process of converting our organization from NIS to LDAP. I
> have an LDAP server set up and working, i.e.
>
> 1) ldapsearch -x returns stuff
> 2) id <username> returns the correct information
>
> And maybe I misunderstand, but it's my understanding that I can use LDAP
> to also set up a list of known hosts -- i.e. a replacement for the NIS
> hosts.byname map. So I:
>
> 1) Set up a ou=hosts,dc=nimbios,dc=org entry in the database
> 2) In /etc/ldap/ldap.conf, I set: nss_base_hosts ou=hosts,dc=nimbios,dc=org
> 2) In /etc/nsswitch.conf I set: hosts: files ldap dns
>
> But when I do so the networking freezes on the client until I remove the
> "ldap" from the "hosts" entry in /etc/nsswitch.conf.
>
> Do I misunderstand how this is supposed to work? I would have thought
> that if the hosts lookup in LDAP failed then it would fall through to
> DNS.
>
> Thanks for your help,
>
> Michael
>

Hi Michael,

In nsswitch.conf manual, it is written that the default action on "unavail"
and "tryagain" is to "continue". So, in your case, it should lokking for hosts
in DNS...
May be you could try :
hosts: files ldap [!SUCCESS=continue] dns

It should be the default behaviour of the system but in doubt...

Good week-end.

Regards.

--
Laurent Guignard, Registered as user #301590 with the Linux Counter
Site : http://www.famille-guignard.org
Blog : http://blog.famille-guignard.org
Projet : http://sicontact.sourceforge.net
GULL de Villefranche sur Saône : http://www.cagull.org

0 new messages