On 11/05/2018 08:03 PM, Robert Brockway wrote:
> One caveat with LDAP.  When I last did this a few years ago many Linux
> systems were set up in such a manner that a failure of LDAP makes the
> systems largely unusable. AFAIK this is still a problem.
>
> A sysadmin logging in had to wait out a series of timeouts while trying
> to open nsswitch.conf or the PAM config to disable LDAP so the
> underlying problems could be addressed.

I've experienced such pain. It's not fun.

I think SSSD is coming into vogue as an abstraction layer between the system and LDAP+Kerberos for this very reason.

--
Grant. . . .
unix || die