# OpenLDAP - temporary disabling ldap in nsswitch.conf



## ondra_knezour (Oct 19, 2011)

When net/openldap24-server is installed and [font=monospace]ldap[/font] option is used in /etc/nsswitch.conf, system is almost unusable in case slapd is not running. System is for some reason ignoring default files[success=return] option for local users and groups including root, wheel and slapd. Several attempts to google some solution finds only unsolved questions. So my attempt to solve this problem is:


Specify somewhere, that LDAP server used for mapping is local and standalone
Test for presence of ldap or ldap[options] entries in /etc/nsswitch.conf
Disable these entries
Stop or restart server
Test, if server is running
Test, if ldap or ldap[options] has been disabled in /etc/nsswitch.conf and re-enable them

And my questions are:

*How to configure it?*
Where to specify, that slapd is running in standalone mode and I want to disable ldap option in /etc/nsswitch.conf? 
As option in /etc/rc.conf from where is slapd started?
As option in /etc/rc.local?
As new file under /usr/local/etc where ports configuration belongs?
"Automagically" test, if peers exists in config file?

*How to parse end modify nss config?*
In /usr/local/etc/rc.d/slapd should be tested, if user wants to disable ldap option in /etc/nsswitch.conf, search for this option in file and comment it out. What is in your opinion best method to do that? Search for regex in file, comment out found line with some comments (ie. something by sysinstall comments in /etc/rc.conf or perl comments in /etc/make.conf) and copy such entry without ldap option with sed for example?

Can anyone provide some example, how to:
Search for lines with ldap option with or without options entries
Comment it out with some descriptive comment
Create new similar entries without ldap option
Reverse everything written above


----------

