OpenLDAP client configuration
Configuring thunderbird to use LDAP address book
Use the following values to create an LDAP address book in Thunderbird that queries the Rekall LDAP server:
- Name: REKALL LDAP
- Hostname: ldap.sbarjatiya.com
- Base DN: dc=sbarjatiya,dc=com
- Port number: 389
- Bind DN: <leave blank>
A blank Bind DN means Thunderbird binds anonymously, and on port 389 without TLS the queries and their results cross the network in the clear. If the server also offers LDAP over SSL (port 636), tick 'Use secure connection (SSL)' in the same dialog and change the port accordingly.
Configuring host to use ldap for host resolution
To configure a machine to do host resolution via the LDAP server, use the following steps:
- Install the 'nss-pam-ldapd' package
- Edit '/etc/nslcd.conf' and correct the 'base' and 'uri' settings near the end of the file
- Start the 'nslcd' service and, optionally, enable it to run at start-up
- Edit '/etc/nsswitch.conf' and append 'ldap' to the end of the 'hosts:' line. It must come last: if the 'uri' in nslcd.conf names the server by hostname, 'files' or 'dns' must be able to resolve that name first, otherwise the client would need LDAP to find the LDAP server
- Run 'getent hosts' to check the settings.
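The fragments the procedure above edits, staged in a scratch directory together with a check of the 'hosts:' ordering rule. This is an added example and not part of the original page; the hostname and base DN are the page's own values, the file contents are constructed, and nothing is written to /etc.

```shell
#!/bin/sh
# Added example, not from the original page: stages the two client-side
# fragments the procedure edits and checks the nsswitch.conf ordering rule
# before anything is copied into /etc. Hostname and base DN are the page's
# own values; the file contents are constructed for the demonstration.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# nslcd.conf: the 'uri' and 'base' settings the procedure tells you to correct.
cat >"$WORK/nslcd.conf" <<'EOF'
uri  ldap://ldap.sbarjatiya.com/
base dc=sbarjatiya,dc=com
EOF

# Correct nsswitch.conf: ldap is the LAST hosts source, so 'files' or 'dns'
# can resolve ldap.sbarjatiya.com itself before nslcd is ever asked.
cat >"$WORK/nsswitch.good" <<'EOF'
passwd:     files ldap
group:      files ldap
hosts:      files dns ldap
EOF

# Wrong nsswitch.conf: ldap first. Resolving the server's own name would
# require talking to the server, the circular dependency the procedure warns about.
cat >"$WORK/nsswitch.bad" <<'EOF'
hosts:      ldap files dns
EOF

# hosts_order_ok FILE
# Prints "ok" when the hosts: line names ldap and every files/dns source
# precedes it; prints "bad" otherwise (including when ldap is absent).
hosts_order_ok() {
    line=$(sed -n 's/^hosts:[[:space:]]*//p' "$1" | head -n 1)
    seen_ldap=0
    seen_resolver=0
    for src in $line; do
        case $src in
            ldap) seen_ldap=1 ;;
            files|dns)
                if [ "$seen_ldap" -eq 1 ]; then
                    echo bad
                    return 0
                fi
                seen_resolver=1 ;;
        esac
    done
    if [ "$seen_ldap" -eq 1 ] && [ "$seen_resolver" -eq 1 ]; then
        echo ok
    else
        echo bad
    fi
}

hosts_order_ok "$WORK/nsswitch.good"   # ok
hosts_order_ok "$WORK/nsswitch.bad"    # bad

# Once the real files are in /etc and nslcd is running, the end-to-end check
# from the procedure is:  getent hosts ldap.sbarjatiya.com
```

The check only reads the first 'hosts:' line and ignores action tokens such as '[NOTFOUND=return]', so it can be run against a copy of /etc/nsswitch.conf before the change is applied.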
ls -l too slow
When you run 'ls -l' on an LDAP client, the client has to ask the LDAP server to translate each numeric UID and GID into a user name and group name, because that information is not in /etc/passwd or /etc/group. Every entry in the listing can cost a network round trip, so 'ls -l' becomes very slow. This is the same effect that slows 'iptables -L' and 'route' while they reverse-resolve addresses; their '-n' flags skip the lookup, and 'ls -n' does the same for UIDs and GIDs.
Hence install and enable nscd (name service cache daemon). It caches the passwd and group answers returned by LDAP, NIS and similar sources, so repeated lookups are served locally and commands like 'ls -l' become fast again.
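The /etc/nscd.conf tables that matter for 'ls -l', shown as an added example rather than configuration from the original page. The directive names are nscd's own; the TTL values are illustrative choices, not values the page gives.

```conf
# Added example (not from the original page): nscd.conf tables that back
# 'ls -l' lookups. TTLs are illustrative, not the page's values.
enable-cache            passwd      yes
positive-time-to-live   passwd      600
negative-time-to-live   passwd      20
check-files             passwd      yes

enable-cache            group       yes
positive-time-to-live   group       3600
negative-time-to-live   group       60
check-files             group       yes
```

'nscd -g' prints hit and miss counts per table, which is the quickest way to confirm the cache is actually being used. The trade-off is staleness: an account removed or changed in LDAP keeps resolving from the cache for up to positive-time-to-live seconds, so after such a change run 'nscd -i passwd' (and 'nscd -i group') to invalidate the table rather than waiting for it to expire.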
Server hangs during booting at udev
Sometimes LDAP clients hang during boot at udev. Network services are not started before udev, so the client cannot reach the LDAP server, yet it still tries: udev rules assign device ownership by user and group name, and those names are looked up through NSS, which on an LDAP client means contacting the server. The nss_ldap client defaults to 'bind_policy hard', which makes it keep retrying the connection with exponential back-off until the server answers, so the machine sits at that point in the boot.
To solve this, edit '/etc/ldap.conf' (the nss_ldap client configuration; the nslcd-based setup above does not use this file) and change 'bind_policy' to soft:
    bind_policy soft
With a soft policy, lookups made while the server is unreachable fail immediately instead of blocking, which resolves the hang during boot.