LDAP and Redhat, a story of hangs and timeouts

I had to post this because today I once again ran into an annoyance with LDAP on Redhat: it times out if the LDAP servers can’t be reached. Sometimes a Linux box hangs at boot on services like postfix, systembus, system logger, or anything else with a special user/group that will be mistakenly authenticated against LDAP. This is not a problem if the network is there, but if it is not, the lookup will time out.
Add this to /etc/ldap.conf:
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus

You could also fine-tune with the following:
bind_timeout 2
nss_reconnect_tries 2
nss_reconnect_sleeptime 1
nss_reconnect_maxsleeptime 3
nss_reconnect_maxconntries 3

http://home.roadrunner.com/~computertaijutsu/ldap.html
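To check whether the ignore list above covers the service accounts on a given box, the following added example (not from the original post) lists local accounts below a UID cutoff that are missing from nss_initgroups_ignoreusers. The function name missing_ignoreusers, the cutoff of 500, and the sample files are assumptions made for this illustration.

```sh
#!/bin/sh
# Print local accounts with UID below MAX_UID that are not named in
# nss_initgroups_ignoreusers, so their initgroups() lookup can still reach LDAP.
# Usage: missing_ignoreusers LDAP_CONF PASSWD_FILE [MAX_UID]
missing_ignoreusers() {
    # 500 as the system-UID cutoff is an assumption; match it to the host's UID_MIN.
    awk -F: -v conf="$1" -v max="${3:-500}" '
        FILENAME == conf {                      # pass 1: the ldap.conf file
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, w, /[ \t,]+/)
            if (tolower(w[1]) == "nss_initgroups_ignoreusers")
                for (i = 2; i <= n; i++)
                    if (w[i] != "") ignored[w[i]] = 1
            next
        }
        # pass 2: passwd-format file, fields name:pw:uid:...
        $1 !~ /^#/ && $3 ~ /^[0-9]+$/ && $3 + 0 < max + 0 && !($1 in ignored) {
            print $1
        }
    ' "$1" "$2"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/ldap.conf" <<'EOF'
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus
bind_timeout 2
EOF
cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
dbus:x:81:81::/:/sbin/nologin
postfix:x:89:89::/var/spool/postfix:/sbin/nologin
ntp:x:38:38::/etc/ntp:/sbin/nologin
alice:x:1001:1001::/home/alice:/bin/bash
EOF
missing_ignoreusers "$tmp/ldap.conf" "$tmp/passwd"
```

On a real system, point it at /etc/ldap.conf and /etc/passwd; any name it prints is a candidate for the ignore list.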
