07-31-2009, 12:12 AM   #1
luvshines

LDAP authentication problem in RHEL 5.3


I configured my system to use LDAP as authentication module along with PAM for giving restricted access to ftp and scp services.

The nsswitch.conf file has entries like

passwd: files ldap
shadow: files ldap
group: files ldap

and pam.d/system-auth is also configured with the default configuration obtained from the authconfig command with the LDAP details.

The setup works fine as long as the LDAP server is up. The problem starts only when the server is down:
I am not able to ssh into the machine, even with the local users.
I googled a bit and found these:

https://bugzilla.redhat.com/show_bug.cgi?id=201557

https://bugzilla.redhat.com/show_bug.cgi?id=189624

These are old posts, from 2006 and last updated in 2008.
I am running RHEL 5.3 on a 64-bit platform.
The posts are for 5.1.

Has anybody come across this problem in the later versions like me, or was it resolved?

Any other suggestions are also welcome.
PLS REPLY ASAP, this is a major block for my project.
 
08-01-2009, 08:02 PM   #2
scottro11

Heh, VERY old bug, never fixed. I guess they were too busy working on important things like spinning cubes. (oooh, shame on me).

However, recently, someone gave me the solution.

Actually, what's amusing is that if the LDAP server is running, even if there's no account on it, you won't get the delay--it's as if the system simply wants reassurance that yes, LDAP servers do exist in the world.

Anyway, the solution that has worked for me, gotten, I believe, on these forums....

On the client edit /etc/ldap.conf (not /etc/openldap/ldap.conf)

You will see a line, commented out, that reads bind_policy hard

Change the hard to soft (and remove the comment sign) and that should fix the issue.

In other words, change

#bind_policy hard

To

bind_policy soft
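
A check for the condition this answer addresses, as an added example that is not part of the original post: it reads an nss_ldap client config and nsswitch.conf and flags the combination described in the thread (ldap listed for passwd, shadow or group while bind_policy is left at its default of hard). The function names and sample files are constructed for illustration, and reporting the last uncommented bind_policy line when the directive is repeated is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): flag an nss_ldap client whose lookups
# can stall when the LDAP server is down.

# Effective bind_policy: commented-out or missing means the default, "hard".
# Assumption: if the directive is repeated, the last uncommented one is reported.
effective_bind_policy() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "bind_policy" { p = tolower($2) }
        END { print (p == "" ? "hard" : p) }
    ' "$1"
}

# Which of passwd/shadow/group in nsswitch.conf list the ldap source.
ldap_databases() {
    awk -F: '
        /^[ \t]*#/ { next }
        $1 ~ /^[ \t]*(passwd|shadow|group)[ \t]*$/ && $2 ~ /(^|[ \t])ldap([ \t]|$)/ {
            gsub(/[ \t]/, "", $1)
            out = (out == "" ? "" : out " ") $1
        }
        END { print out }
    ' "$1"
}

# Exit status 0 means "at risk": ldap is consulted and bind_policy is not soft.
lockout_risk() {   # usage: lockout_risk LDAP_CONF NSSWITCH_CONF
    [ -n "$(ldap_databases "$2")" ] && [ "$(effective_bind_policy "$1")" != "soft" ]
}

# Constructed sample files mirroring the thread, not copied from a real host.
demo_dir=$(mktemp -d)
printf 'passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n' > "$demo_dir/nsswitch.conf"
printf '#bind_policy hard\n' > "$demo_dir/ldap.conf.before"
printf 'bind_policy soft\n' > "$demo_dir/ldap.conf.after"

for f in before after; do
    policy=$(effective_bind_policy "$demo_dir/ldap.conf.$f")
    if lockout_risk "$demo_dir/ldap.conf.$f" "$demo_dir/nsswitch.conf"; then
        echo "$f: bind_policy=$policy, lookups may stall while LDAP is down"
    else
        echo "$f: bind_policy=$policy, LDAP lookups fail fast"
    fi
done
rm -rf "$demo_dir"
```

On a client, the same check is `lockout_risk /etc/ldap.conf /etc/nsswitch.conf`.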
 
08-06-2009, 03:44 AM   #3
luvshines
Original Poster

Thanks scottro11

I tried that and it works for me too.
But now I have another issue: in case I specify multiple LDAP servers and set
bind_policy soft
it doesn't try to contact the second LDAP server in case the first is down.
Is there any other configuration needed to achieve the fallback mechanism?
 
  

