When net/openldap24-server is installed and [font=monospace]ldap[/font] option is used in /etc/nsswitch.conf, system is almost unusable in case slapd is not running. System is for some reason ignoring default files[success=return] option for local users and groups including root, wheel and slapd. Several attempts to google some solution finds only unsolved questions. So my attempt to solve this problem is:
And my questions are:
- Specify somewhere, that LDAP server used for mapping is local and standalone
- Test for presence of ldap or ldap[options] entries in /etc/nsswitch.conf
- Disable these entries
- Stop or restart server
- Test, if server is running
- Test, if ldap or ldap[options] has been disabled in /etc/nsswitch.conf and re-enable them
And my questions are:
- How to configure it?
Where to specify, that slapd is running in standalone mode and I want to disable ldap option in /etc/nsswitch.conf?- As option in /etc/rc.conf from where is slapd started?
- As option in /etc/rc.local?
- As new file under /usr/local/etc where ports configuration belongs?
- "Automagically" test, if peers exists in config file?
- How to parse end modify nss config?
In /usr/local/etc/rc.d/slapd should be tested, if user wants to disable ldap option in /etc/nsswitch.conf, search for this option in file and comment it out. What is in your opinion best method to do that? Search for regex in file, comment out found line with some comments (ie. something by sysinstall comments in /etc/rc.conf or perl comments in /etc/make.conf) and copy such entry without ldap option with sed for example?
Can anyone provide some example, how to:- Search for lines with ldap option with or without options entries
- Comment it out with some descriptive comment
- Create new similar entries without ldap option
- Reverse everything written above
