LDAP tuning on lab machines
I've noticed some auth.log entries that suggest that lab machines are constantly connected to the ldap server and other entries that suggest that there is a problem with the apparmor configuration (entries that include apparmor=DENIED and refer to mkdor and telepathy). I believe I've sorted it out, though.
In the first case I've discovered that nslcd DOES stay connected to the server. So, I've added a line to /etc/nslcd.conf that says:
idle_timelimit 60
which should close the ldap connection after 60 seconds. There are other timeouts in the same class that I may need to use, but this looks like the best first choice.
In the second case, there are 'tunables' in apparmor that should be adjusted in cases like ours - specifically, using non-standard home directory locations. In the file '/etc/apparmor.d/tunables/home' I've edited the line that looks like this:
@{HOMEDIRS}=/home/
to look like this:
@{HOMEDIRS}=/home/ /home/netlink/
It appears that both problems have gone away, at least so far. Fingers crossed.
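A way to check the AppArmor tunable change, as an added example that is not part of the original post: the Python below compares the parent directories of account home directories against the @{HOMEDIRS} tunable and lists the apparmor="DENIED" paths under any parent the tunable misses. The passwd entries, log lines and function names are constructed for illustration.

```python
import posixpath
import re

# Constructed sample inputs (not taken from the post's machines).
TUNABLES = """# /etc/apparmor.d/tunables/home
@{HOME}=@{HOMEDIRS}*/ /root/
@{HOMEDIRS}=/home/
"""
PASSWD = """root:x:0:0:root:/root:/bin/bash
local:x:1000:1000::/home/local:/bin/bash
alice:x:20001:20001::/home/netlink/alice:/bin/bash
"""
AUTH_LOG = [
    'kernel: audit: type=1400 apparmor="DENIED" operation="mkdir" '
    'profile="/usr/lib/telepathy/mission-control-5" '
    'name="/home/netlink/alice/.cache/" pid=2114 requested_mask="c"',
    'sshd[901]: Accepted password for alice from 10.0.0.5 port 50122 ssh2',
]

def parse_homedirs(text):
    """Collect every directory assigned to @{HOMEDIRS} with '=' or '+='."""
    roots = []
    for line in text.splitlines():
        m = re.match(r"\s*@\{HOMEDIRS\}\s*\+?=\s*(.*)", line)
        if m:
            roots += [r.rstrip("/") + "/" for r in m.group(1).split()]
    return roots

def missing_home_roots(passwd_text, roots, min_uid=1000):
    """Parent directories of user homes that @{HOMEDIRS} does not list."""
    missing = set()
    for entry in passwd_text.splitlines():
        fields = entry.split(":")
        if len(fields) >= 6 and int(fields[2]) >= min_uid:
            home = fields[5].rstrip("/")
            parent = posixpath.dirname(home).rstrip("/") + "/"
            if parent not in roots:
                missing.add(parent)
    return sorted(missing)

def denials_under(log_lines, root):
    """Paths from apparmor="DENIED" entries that fall under the given root."""
    pat = re.compile(r'apparmor="DENIED".*?\bname="([^"]+)"')
    hits = [m.group(1) for m in map(pat.search, log_lines) if m]
    return [p for p in hits if p.startswith(root)]

if __name__ == "__main__":
    for root in missing_home_roots(PASSWD, parse_homedirs(TUNABLES)):
        print(root, denials_under(AUTH_LOG, root))
```

On a real machine the inputs would come from /etc/apparmor.d/tunables/home, the output of getent passwd, and the log file carrying the DENIED entries.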
refs:
https://wiki.ubuntu.com/DebuggingApparmor#Adjusting_Tunables
http://arthurdejong.org/nss-pam-ldapd/nslcd.conf.5