Red Hat Bugzilla – Bug 180657
/etc/ldap.conf should block lookup of secondary groups for the ldap user by default
Last modified: 2014-08-31 19:28:07 EDT
Description of problem:
During system startup, the ldap init script attempts to run several commands
as the ldap user. If nsswitch.conf points at the ldap server, startup will be
delayed until nss_ldap gives up on trying to contact the server that isn't up
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. configure /etc/nsswitch.conf to use "files ldap" for groups.
2. configure /etc/ldap.conf to point to the ldap server on this machine
4. observe that the machine takes almost forever to boot.
Very long boot time
Normal boot time
The easiest solution is to add
to the default /etc/ldap.conf, possibly with a comment explaining what this
field does, and why we're using it.
Also adding "root", because it's a common case. Fixing for 248-2.