Hundreds of open LDAP connections on Red Hat 8

[tobiasly]

I am running a Red Hat 8 server on a small LAN in my home. I am using Samba and LDAP to emulate a Windows NT PDC. I am using the same LDAP database with PAM for authentication on the Linux server itself, so that login information is consistent among my computers. Plus, I have several Samba shares on which I have placed domain-level permissions, also using the same LDAP authentication database of course.

The problem is that, over time, I am seeing more and more open LDAP connections. After several days, there are hundreds, and eventually after a couple weeks there will be so many connections that I run out of file descriptors, rendering my machine unusable.

If I restart the nscd service, I temporarily see these connections go away, but I need to know a permanent solution. We don't do anything very intensive on these computers. I should mention that my wife does leave Outlook Express open pretty much 24/7, which accesses my Courier-IMAP server, so it also is constantly opening LDAP connections for PAM authentication.

 

[dscp05137]

Just want to implement Linux + ldap for identify management purpose, instead of using /etc/password and /etc/shadow files.

When ever user login the linux server, first it goes to ldap server and authenticate the user credentials. Then user access the system as usual. Just want to know is it possible to implement the same in linux environment.

2. I cannot able to login as root from remote system. How do I enable remote login (solaris /etc/default/login), is there any similar mechanisum over here.

Thanks in advance.

 

[dscp05137]

Just want to implement Linux + ldap for identify management purpose instead of using /etc/password and /etc/shadow files.

When ever user login the linux server, first it goes to ldap server and authenticate the user credentials. Then user access the system as usual. Just want to know is it possible to implement the same in linux environment.

2. I cannot able to login as root from remote system. How do I enable remote login (solaris /etc/default/login), is there any similar mechanisum over here.

Thanks in advance.

 

[tobiasly]

I'm not sure what you're asking in the first part of your question. Yes, it is possible to use LDAP instead of /etc/passwd and /etc/shadow, but it sounds like you're already doing that.

As to #2, that question is much more complicated than you'd think. It depends on what program you're using to log in remotely, and what authentication system you're using (passwd/shadow files, LDAP, etc).

You will need to learn much more about such issues before allowing root to login remotely. In particular, you should never allow root login using Telnet. The best way to login remotely as root is with SSH (type "man sshd&quot, but even this is dangerous. Make sure you know what you're doing before proceeding with this.

 

[52xmax]

My question is, Wants to use LDAP database (..??) for authentication purpose instead of /etc/passwd and /etc/shadow file in redhat 7.3 linux. Let me know how do I configure my ldap database for authentication through ldap directory service. I knew few things like slapd and PAM. Thanks in advance.

 

[danielhozac]

If you have a question other than the original poster, start your own thread.

//Daniel