Re: ldap authentication broken after switch to nss-pam-ldapd

On Mon, 2014-01-27 at 14:21 -0600, Holger Foersterling wrote:
> The best solution would be to completely disable the addition of any
> filter, but I seem not to be able to do that, there is no way to
> define a blank filter to override the default:
> filter passwd ""
> or
> filter passwd
> 
> give me error messages.
> 
> As a workaround, I added the line
> 
> filter passwd  (ou=people)
> 
> to /etc/nslcd.conf
> That is of course redundant as that is already defined in my search
> base, but I seem to be able to get authentication to work with that
> change. Is there any better way to do this?

I don't think there is currently a way to specify an empty filter. You
could filter on the objectClass that is appropriate for your LDAP
configuration though.

It might be a little more efficient to use (uid=*) as search filter. If
the LDAP server uses indexes on specific attributes, it may not require
an extra index for the search (perhaps ou isn't indexed) and if nslcd in
one way or another ends up doing a get all users query it will not get
more entries than necessary.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
-- 