Thread: netbsd and openldap

2006-12-18 11:54:35
hi,

I'm a new NetBSD user (very new) with some experience in the GNU/Linux world. I have a NetBSD server running samba as Backup Domain Controller and an OpenLDAP server as slave.

I installed nss-ldap from pkgsrc and configured nsswitch.conf as follows:

group: files ldap
passwd: files ldap
hosts: files dns
netgroup: files [notfound=return] nis
networks: files
shells: files

I also attach the /usr/pkg/etc/nss_ldap.conf file:

base dc=x,dc=y,dc=z
debug = 255
logdir = /var/log/nss_ldap
uri ldapi://%2fvar%2fopenldap%2frun%2fldapi ldaps://zzz.x.y.z
ldap_version 3
binddn cn=unix,ou=admins,dc=x,dc=y,dc=z
bindpw ********
rootbinddn cn=admin,ou=admins,dc=x,dc=y,dc=z
timelimit 10
bind_timelimit 5
bind_policy soft
pam_password crypt
nss_base_passwd ou=users,dc=x,dc=y,dc=z?one
nss_base_passwd ou=machines,dc=x,dc=y,dc=z?one
nss_base_group ou=groups,dc=x,dc=y,dc=z?one
ssl on
tls_cacertfile /usr/pkg/etc/ssl-certificates/cacert.crt

The problem I have is that when I want to execute a command such as "ls -l", "id user", ... the system needs 17 seconds to respond if the user is an OpenLDAP user. If the user is defined in files the response is immediate. However, searches with the ldapsearch command are done well and quickly:

ldapsearch -H ldapi:///var/openldap/run/ldapi -D "cn=unix,ou=admins,dc=x,dc=y,dc=z" -W -b "ou=machines,dc=x,dc=y,dc=z" '(objectclass=*)'

The configuration used is similar to the configuration on a FreeBSD server and in this case works great. So I'm lost and I don't know where to find more.

Thanks,
--
Christian Pinedo Zamalloa

2006-12-20 15:40:03
On Mon, Dec 18, 2006 at 12:54:35PM +0100, Christian Pinedo Zamalloa wrote:
> hi,
>
> I'm a new NetBSD user (very new) with some experience in the GNU/Linux world. I have a NetBSD server running samba as Backup Domain Controller and an OpenLDAP server as slave.
>
> I installed nss-ldap from pkgsrc and configured nsswitch.conf as follows:
>
> group: files ldap
> passwd: files ldap
> hosts: files dns
> netgroup: files [notfound=return] nis
> networks: files
> shells: files
>
> I also attach the /usr/pkg/etc/nss_ldap.conf file:
>
> base dc=x,dc=y,dc=z
> debug = 255
> logdir = /var/log/nss_ldap
> uri ldapi://%2fvar%2fopenldap%2frun%2fldapi ldaps://zzz.x.y.z
> ldap_version 3
> binddn cn=unix,ou=admins,dc=x,dc=y,dc=z
> bindpw ********
> rootbinddn cn=admin,ou=admins,dc=x,dc=y,dc=z
> timelimit 10
> bind_timelimit 5
> bind_policy soft
> pam_password crypt
> nss_base_passwd ou=users,dc=x,dc=y,dc=z?one
> nss_base_passwd ou=machines,dc=x,dc=y,dc=z?one
> nss_base_group ou=groups,dc=x,dc=y,dc=z?one
> ssl on
> tls_cacertfile /usr/pkg/etc/ssl-certificates/cacert.crt
>
> The problem I have is that when I want to execute a command such as "ls -l", "id user", ... the system needs 17 seconds to respond if the user is an OpenLDAP user. If the user is defined in files the response is immediate. However, searches with the ldapsearch command are done well and quickly:
>
> ldapsearch -H ldapi:///var/openldap/run/ldapi -D "cn=unix,ou=admins,dc=x,dc=y,dc=z" -W -b "ou=machines,dc=x,dc=y,dc=z" '(objectclass=*)'
>
> The configuration used is similar to the configuration on a FreeBSD server and in this case works great. So I'm lost and I don't know where to find more.
>
> Thanks,
>

The configuration was fine; the error was "stupid": a bad resolv.conf file where the first nameserver was bad, and so the timeouts were produced by DNS resolutions. Thanks,
--
Christian Pinedo Zamalloa
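
One way to check for the cause named in the reply above (a bad first nameserver in resolv.conf), as an added example that is not part of the original thread: it queries each listed nameserver directly and times the answer, so a dead entry shows up on its own instead of hiding behind resolver fallback. The sample file contents, the addresses, the query name example.org and all function names are constructed for illustration.

```python
import socket
import struct
import time

# Constructed sample; on a real host pass the contents of /etc/resolv.conf.
SAMPLE_RESOLV_CONF = """\
search x.y.z
nameserver 192.0.2.53
nameserver 198.51.100.53
"""

def parse_nameservers(text):
    """Return nameserver addresses in the order the resolver tries them."""
    rows = (line.split() for line in text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def build_query(name, qid=0x1234):
    """Minimal DNS A-record query in RFC 1035 wire format."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD flag, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def udp_exchange(server, payload, timeout, port=53):
    """Send one datagram and wait for the reply; raises OSError on timeout."""
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (server, port))
        return sock.recvfrom(512)[0]

def probe(servers, name, timeout=2.0, exchange=udp_exchange):
    """Query every nameserver directly; return [(server, seconds or None)]."""
    query, results = build_query(name), []
    for server in servers:
        start = time.monotonic()
        try:
            answered = exchange(server, query, timeout)[:2] == query[:2]  # ID echoed
        except OSError:
            answered = False  # timeout, unreachable, refused
        results.append((server, time.monotonic() - start if answered else None))
    return results

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for server, secs in probe(parse_nameservers(fh.read()), "example.org"):
            print(server, "no answer" if secs is None else f"{secs * 1000:.0f} ms")
```

A "no answer" on the first entry while later entries respond in milliseconds matches the symptom in this thread: every lookup that reaches DNS waits out the first server before falling back.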