Hi,
I have two networks, e.g. 100.10.10.0 and 200.20.20.0, linked together by a server "server", which routes between them and, at the same time, is the LDAP server. I installed SLES 11 SP2 on a new machine "client" in the 200 network and, since the server certificates are for the 100 network, on the client I put the server's 100 IP (100.10.10.1) in the ldap.conf files and made the server's 200 IP (200.20.20.1) the default router. Depending on the entries of nsswitch.conf and hosts, I get the following results:
Code:
1)     nsswitch.conf:               hosts:
     passwd: files ldap
     hosts:  files

>getent passwd #everything works, ldap-entries are printed
>route
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         200.20.20.1     0.0.0.0         UG    0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
link-local      *               255.255.0.0     U     0      0        0 eth0
200.20.20.0     *               255.255.255.0   U     0      0        0 eth0
______________________________________________________________

2)     nsswitch.conf:               hosts:
     passwd: files ldap
     hosts:  files ldap

>getent passwd #prints local entries, then freezes until I interrupt (I wasn't very patient)
>route
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
^C        #my interrupt, after over a minute
______________________________________________________________

3)     nsswitch.conf:               hosts:
     passwd: files ldap           200.20.20.1 server
     hosts:  files ldap
 
>getent passwd #prints local entries, then still freezes
>route
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         server          0.0.0.0         UG    0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
link-local      *               255.255.0.0     U     0      0        0 eth0
200.20.20.0     *               255.255.255.0   U     0      0        0 eth0

#if I add networks: ldap into the nsswitch.conf, route will freeze, where it should print the 200-network

______________________________________________________________

4)     nsswitch.conf:               hosts:
     passwd: files ldap           200.20.20.1 server
     hosts:  files ldap           200.20.20.5 client
  
>getent passwd #works again and prints all entries
>route
Kernel IP Routentabelle
Ziel            Router          Genmask         Flags Metric Ref    Use Iface
default         server          0.0.0.0         UG    0      0        0 eth0
loopback        *               255.0.0.0       U     0      0        0 lo
link-local      *               255.255.0.0     U     0      0        0 eth0
200.20.20.0     *               255.255.255.0   U     0      0        0 eth0

#now even works with networks: ldap
It seems to me as if route and ldapsearch kind of recursively invoke each other, and although I can solve the problem by writing the hosts file, I would like to know if I can convince route to be satisfied with knowing only the IP...

I just found out that it suffices to write the 200.20.20.5 into the hosts file (without the server) to make everything work. Can someone explain that to me?
Thanks in advance, Sven
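
The four cases above, as an added example that is not part of the original post: a Python check that flags the combination the post saw freeze (`hosts:` listing `ldap` while the client's own address, 200.20.20.5, has no hosts-file entry). The function names and the inline sample files are constructed for illustration, and the rule encodes only the post's observations, not a confirmed root cause.

```python
import re

OWN_IP = "200.20.20.5"  # the client's address as given in the post
NSS_FILES_ONLY = "passwd: files ldap\nhosts:  files\n"
NSS_WITH_LDAP = "passwd: files ldap\nhosts:  files ldap\n"

# Constructed inputs: (nsswitch.conf text, hosts-file text) per case in the post.
CASES = {
    "1": (NSS_FILES_ONLY, ""),
    "2": (NSS_WITH_LDAP, ""),
    "3": (NSS_WITH_LDAP, "200.20.20.1 server\n"),
    "4": (NSS_WITH_LDAP, "200.20.20.1 server\n200.20.20.5 client\n"),
    "client-only": (NSS_WITH_LDAP, "200.20.20.5 client\n"),
}


def nss_sources(nsswitch_text, database):
    """Return the lookup sources configured for one nsswitch.conf database."""
    for raw in nsswitch_text.splitlines():
        line = raw.split("#", 1)[0]
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            # Drop action items such as [NOTFOUND=return] before splitting.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []


def hosts_addresses(hosts_text):
    """Return the addresses that have at least one name in a hosts file."""
    addrs = set()
    for raw in hosts_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            addrs.add(fields[0])
    return addrs


def hang_expected(nsswitch_text, hosts_text, own_ip=OWN_IP):
    """True for the combination the post observed to freeze."""
    uses_ldap = "ldap" in nss_sources(nsswitch_text, "hosts")
    return uses_ldap and own_ip not in hosts_addresses(hosts_text)


def evaluate_cases():
    """Map each case label to the predicted outcome (True means freeze)."""
    return {label: hang_expected(n, h) for label, (n, h) in CASES.items()}


if __name__ == "__main__":
    for label, freezes in evaluate_cases().items():
        print(f"case {label}: {'freezes' if freezes else 'works'}")
```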