[Bug 253937] Re: Local login fails without LDAP server

Steve Langasek steve.langasek at canonical.com
Tue Aug 5 02:13:50 BST 2008


Nothing looks amiss in the PAM or NSS configs.  From the description,
this is not a PAM problem at all, but an nss_ldap one: it's not the
authentication which fails, but the resolution of users and groups
afterwards.

I believe the relevant section of /etc/ldap/ldap.conf is this:

# Search timelimit
#timelimit 30

# Bind/connect timelimit
#bind_timelimit 30

# Reconnect policy: hard (default) will retry connecting to
# the software with exponential backoff, soft will fail
# immediately.
bind_policy soft

# Idle timelimit; client will close connections
# (nss_ldap only) if the server has not been contacted
# for the number of seconds specified below.
#idle_timelimit 3600

Note that, per nss_ldap(5), the default time limit on connections to
the LDAP server (the bind_timelimit) is 30 seconds.  That's a 30 second
timeout for *each* process that needs to look up a username or group
name.  If you are concerned about usability when the LDAP server is
unavailable, you probably want to lower this timeout or run a cache such
as nscd.  (The libnss-ldap package Recommends: nscd.)

** Changed in: libnss-ldap (Ubuntu)
Sourcepackagename: pam => libnss-ldap

-- 
Local login fails without LDAP server
https://bugs.launchpad.net/bugs/253937
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in ubuntu.
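
An added example, not part of the original message: a small audit of the two settings discussed above, applying the defaults the message states (bind_policy hard, bind_timelimit 30) when a line is commented out or absent. The `max_wait` threshold of 5 seconds and the sample text are assumptions made for illustration.

```python
# Defaults as stated in the message: bind_policy is "hard" by default and
# bind_timelimit is 30 seconds per nss_ldap(5).
DEFAULTS = {"bind_policy": "hard", "bind_timelimit": "30"}

# Constructed sample that mirrors the excerpt quoted in the message.
SAMPLE_CONF = """\
# Search timelimit
#timelimit 30

# Bind/connect timelimit
#bind_timelimit 30

bind_policy soft
"""

def effective_settings(conf_text):
    """Return file values layered over the defaults. Commented-out lines
    are skipped, so the default stays in force for those keys."""
    settings = dict(DEFAULTS)
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() in settings:
            settings[parts[0].lower()] = parts[1].strip()
    return settings

def audit(conf_text, max_wait=5):
    """Flag settings that stall user/group lookups when the server is down.
    max_wait is a hypothetical site threshold in seconds."""
    s = effective_settings(conf_text)
    findings = []
    try:
        limit = int(s["bind_timelimit"])
        if limit > max_wait:
            findings.append(f"bind_timelimit is {limit}s: every process that "
                            "resolves a user or group can wait that long")
    except ValueError:
        findings.append(f"bind_timelimit is not a number: {s['bind_timelimit']!r}")
    if s["bind_policy"].lower() != "soft":
        findings.append(f"bind_policy is {s['bind_policy']!r}: reconnects are "
                        "retried with backoff instead of failing immediately")
    return s, findings

if __name__ == "__main__":
    settings, findings = audit(SAMPLE_CONF)
    print(settings)
    print("\n".join(findings) or "no findings")
```

On the sample, bind_policy is already soft but the commented-out bind_timelimit leaves the 30 second default in effect, which is the situation the message describes.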


