LDAP logins (and other operations) have long timeouts if DS is down
In my environment I have two Red Hat Directory Servers running. On the RH client side, in ldap.conf, I configure both of them to be LDAP servers.
If the first RHDS listed in /etc/ldap.conf is down for whatever reason, then my client will try to connect to it, wait until the timeout, and then go to use DS_B. The result is a long delay before any operations complete (login, user lookup through id or even ls -l of directories/files with ldap owners).
If my directory servers are unavailable (the primary and especially both), lookup operations and login of LOCAL users take a very long time.
This happens even though I have files listed first for everything in /etc/nsswitch.conf and pam_unix.so listed before pam_ldap.so everywhere in /etc/pam.d/system-auth.
Is there some configuration I'm missing somewhere to make sure that local files are always checked first and if a user is found it stops looking?
nscd (client information caching) is running and works, but that only helps if the user information was recently refreshed (10 minutes is the default I think).
Thanks,
Ryan