Thu Jan 31 03:22:47 CET 2008

ssh, ldap, resolving

If you're using LDAP with these options in /etc/conf.d/slapd

OPTS="-h 'ldap://127.0.0.1 ldaps://foo.bar.tld:23523'"

a misconfigured /etc/resolv.conf can be fatal. Your slapd will not start and dies with

slapd[12876]: daemon: getaddrinfo() failed: Temporary failure in name resolution

A possible solution is to resolve your own hostname locally. Just put a "$IP $HOSTNAME" entry for the machine itself in /etc/hosts. That should be very safe.
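
An added example, not part of the original post: a shell check that reads the OPTS line and lists every listener hostname that is missing from /etc/hosts, i.e. every name slapd could only resolve through DNS at startup. The function names are assumptions of this example, and the demo input is constructed from the OPTS line above.

```shell
#!/bin/sh
# Added example (not from the original post): report slapd listener hostnames
# that are not pinned in the hosts file and so depend on working DNS.

# Print the host part of each ldap:// or ldaps:// URL on the OPTS line.
listener_hosts() {
    grep -E '^[[:space:]]*OPTS=' "$1" | tr "\"'" '  ' |
        grep -Eo 'ldaps?://[^/:[:space:]]+' | sed -E 's#^ldaps?://##' | sort -u
}

# Succeed if the name is listed as a hostname or alias in the hosts file.
in_hosts_file() {
    awk -v name="$1" '
        { sub(/#.*/, "")                         # strip comments
          for (i = 2; i <= NF; i++) if (tolower($i) == tolower(name)) found = 1 }
        END { exit !found }' "$2"
}

# Print listener hostnames that slapd could only resolve through DNS.
unpinned_listener_hosts() {
    conf=${1:-/etc/conf.d/slapd}
    hosts=${2:-/etc/hosts}
    listener_hosts "$conf" | while read -r h; do
        case $h in
            \[*) continue ;;          # bracketed IPv6 literal
            *[!0-9.]*) ;;             # has a non-digit, non-dot character: a name
            *) continue ;;            # IPv4 literal
        esac
        in_hosts_file "$h" "$hosts" || printf '%s\n' "$h"
    done
}

# Constructed sample run: the OPTS line from the post and a hosts file
# that lacks the listener name. Prints: foo.bar.tld
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' "OPTS=\"-h 'ldap://127.0.0.1 ldaps://foo.bar.tld:23523'\"" >"$d/slapd"
    printf '%s\n' '127.0.0.1 localhost' >"$d/hosts"
    unpinned_listener_hosts "$d/slapd" "$d/hosts"
    rm -rf "$d"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Empty output from unpinned_listener_hosts means every named listener is covered by /etc/hosts, so a broken resolv.conf will not stop slapd from binding.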

Another point is that if your name resolution is broken, ssh will have problems with local users when it cannot reach the LDAP daemon because it is down:

Connection closed by remote host

This only happens if you send a public key to authenticate yourself. To work around it, don't offer a public key:

ssh foo.bar.tld -l localuser -o PubkeyAuthentication=no

Thanks to KillerFox for reproducing these things.


Posted by Sebastian Wieseler | Categories: *nix |