On Thu, Aug 04, 2011 at 11:41:04AM -0400, up@xxxx wrote: > We're having a pretty severe issue of a server/client app that is running out of > xinetd generating nss_ldap errors when the primary LDAP server is down. The thing > is, the user that this application (nagios nrpe) runs as exists in every host's > /etc/passwd (and group) file and NOT in the Directory Server, just for this > reason. I am wondering if this is a pam issue, but I admit I do not know to what > extent that service users consult pam. The xinetd daemon doesn't link with libpam, so I doubt it's an issue. I think it's more likely that, because supplemental group membership is retrieved from all available sources, xinetd is attempting to determine which of the groups you've defined in the directory server the user is a member of. If that is indeed what's happening, then you'll want to look into adjusting the value of the "nss_initgroups_ignoreusers" in nss_ldap's configuration file. HTH, Nalin -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
