[OpenLDAP user authentication server] How to keep root from going to the server for authentication
Posted: 2020-01-17 11:34
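I ran into a strange problem: one server uses an OpenLDAP server for user authentication. root is definitely a local account, and /etc/nsswitch is configured to use local files first and LDAP second. One day, after the network went down (the connection to the OpenLDAP server was lost), switching to root locally with su - became very slow. The system log shows the following errors: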
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> ldap_result() timed out
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server: Transport endpoint is not connected
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> failed to bind to LDAP server ldap://192.168.0.21: Can't contact LDAP server: Transport endpoint is not connected
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> no available LDAP server found, sleeping 1 seconds
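After that it retries once a second for ten-odd seconds, and only then does it succeed.
Does anyone know what causes this? In principle, shouldn't root only need to be authenticated locally?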
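A log check for the symptom described above, as an added example that is not part of the original post: it flags accounts that exist in the local passwd file but whose `group/member` requests (the request tag shown in the nslcd log) still failed against LDAP. The function names, the passwd excerpt and the `alice` log line are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample: the nslcd messages from the post (wrapped lines joined),
# plus one constructed line for a hypothetical LDAP-only user "alice".
SAMPLE_LOG = """\
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> ldap_result() timed out
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> failed to bind to LDAP server ldap://192.168.0.22: Can't contact LDAP server: Transport endpoint is not connected
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> failed to bind to LDAP server ldap://192.168.0.21: Can't contact LDAP server: Transport endpoint is not connected
Jan 16 21:47:17 node01 nslcd[11112]: [87b23f] <group/member="root"> no available LDAP server found, sleeping 1 seconds
Jan 16 21:47:19 node01 nslcd[11112]: [4c91aa] <group/member="alice"> ldap_result() timed out
"""

# Constructed /etc/passwd excerpt standing in for the host's local accounts.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
"""

# nslcd line layout as seen in the post: [request id] <request="value"> message
LINE_RE = re.compile(r'nslcd\[\d+\]: \[[0-9a-f]+\] <([^>=]+)="([^"]*)"> (.*)$')
FAIL_RE = re.compile(r"timed out|failed to bind|no available LDAP server")


def local_users(passwd_text):
    """Account names from passwd-format text (first colon-separated field)."""
    return {line.split(":", 1)[0] for line in passwd_text.splitlines()
            if line and not line.startswith("#")}


def local_accounts_hitting_ldap(log_text, passwd_text):
    """Count failed group/member requests per account that is local."""
    local = local_users(passwd_text)
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        request, value, message = m.groups()
        if request == "group/member" and value in local and FAIL_RE.search(message):
            hits[value] += 1
    return dict(hits)


if __name__ == "__main__":
    for user, n in local_accounts_hitting_ldap(SAMPLE_LOG, SAMPLE_PASSWD).items():
        print(f"{user}: {n} failed LDAP group-membership messages for a local account")
```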