
Linux #10: When the LDAP server is down, we can't access any of the servers that use LDAP authentication.

We currently use NSS_LDAP as the LDAP client. NSS_LDAP is configured through /etc/ldap.conf.
NSS_LDAP has a reconnect policy, and the default policy is hard_open (alias hard).

The comments in the file explain what that means:

# Reconnect policy:
# hard_open: reconnect to DSA with exponential backoff if
# opening connection failed
# hard_init: reconnect to DSA with exponential backoff if
# initializing connection failed
# hard: alias for hard_open
# soft: return immediately on server failure
#bind_policy hard

In hard_open mode, the client tries to reconnect again and again when the LDAP server is down or has a problem.
As a result, the server looks as if it has hung: we can't log in, or logging in takes a long time.
This affects LDAP accounts and the root account, too.

In soft mode, the client returns immediately on server failure.
If the LDAP server is down, the message "Permission denied, please try again." is returned immediately,
and we can log in with the root account immediately while LDAP is down.
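
To see which policy a host is actually running with, the script below reports the effective bind_policy of an ldap.conf-style file. It is an added example, not part of the original post or of NSS_LDAP; the function names are hypothetical, and it assumes that the last uncommented bind_policy line is the one used if the directive appears more than once.

```shell
#!/bin/sh
# Added example (not from the original post): report the effective
# nss_ldap bind_policy of an ldap.conf-style file.

# Print the effective policy for file $1.
# No uncommented bind_policy line means the default, hard_open.
# Assumption: if the directive appears more than once, the last one is used.
effective_bind_policy() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    # "#bind_policy hard" and "# bind_policy hard" are comments: their first
    # field is not the bare keyword, so awk skips them.
    policy=$(awk '$1 == "bind_policy" && NF >= 2 { v = $2 } END { print v }' "$conf")
    case "$policy" in
        ""|hard|hard_open) echo "hard_open" ;;   # default, or alias "hard"
        hard_init|soft)    echo "$policy" ;;
        *)                 echo "unknown:$policy"; return 1 ;;
    esac
}

# Exit 0 only when lookups return immediately on LDAP failure (soft).
fails_fast() {
    [ "$(effective_bind_policy "$1")" = "soft" ]
}

# With a path argument, check that file; without one, check a constructed
# sample that mirrors the commented-out excerpt quoted in the post.
if [ $# -ge 1 ]; then
    target=$1
else
    target=$(mktemp)
    printf '%s\n' '# hard: alias for hard_open' \
        '# soft: return immediately on server failure' \
        '#bind_policy hard' > "$target"
    cleanup=$target
fi
printf '%s: bind_policy=%s\n' "$target" "$(effective_bind_policy "$target")"
if fails_fast "$target"; then
    echo "logins fail fast when LDAP is down"
else
    echo "logins may stall while nss_ldap retries the LDAP server"
fi
[ -z "${cleanup:-}" ] || rm -f "$cleanup"
```

Run it as `sh check_bind_policy.sh /etc/ldap.conf` (the script name is arbitrary) on each LDAP client.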