Re: [Hampshire] LDAP and RSYNC

Author: Nick Chalk
Date:  
To: hampshire
Subject: Re: [Hampshire] LDAP and RSYNC
Adrian Bridgett <adrian@???> wrote:
> Several possibilities here, first of all, find
> all the users and groups of the files you are
> rsyncing. If any are in LDAP, that's the
> problem since it can't look them up - you might
> be able to use "rsync --numeric-ids". You could
> try using nscd or nss-updatedb instead to reduce
> your dependence on LDAP.
>
> If the users are in /etc/passwd instead (or as
> well) then try to ensure that /etc/nsswitch.conf
> says "files ldap" rather than "ldap files".
> (s/files/compat/ if you wish).

The approach I've used with LDAP is:
   - Not put root in the LDAP db.
   - Put all the admin users in /etc/passwd as
     well as LDAP.
   - Use "ldap files" in /etc/nsswitch.conf.
   - Set the bind_policy in /etc/libnss-ldap.conf
     and /etc/pam_ldap.conf to "soft".

That allows the system to fall back to the local
password database if the LDAP server can't be
reached. You do need to make sure the UIDs and
GIDs are in sync between LDAP server and local
accounts, though.

Nick.

--
Nick Chalk ................. once a Radio Designer
Confidence is failing to understand the problem.