# I don't understand behavior of nsswitch.conf



## nakal (Jan 8, 2009)

Can anyone explain what's going on in nsswitch.conf, when you use the lines:

```
passwd: files ldap
group: files ldap
```

The problems begin when slapd is not running. Everyone who thinks simple (common sense) would think that, if you don't specify the criterion for "files" here the default implicit criterion would be "[success=return]" (even it's not mentioned in the man page; hint?).

But it seems not to be the case! When slapd is not available, even root has difficulties to start commands. That also means that slapd finally starts after a long timeout. All my system users are specified in the files source. For god's sake... why is pam still looking up things in the ldap source?

The source of my problems is a simple update of openldap. If you run it remotely, it may lock you out from your server, even if you have a local user in /etc/passwd (e.g.: sshd wants to spawn a process, but cannot do it somehow). Is this behavior intended?


----------

