Re: Preventing NSS from querying LDAP for system users
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Preventing NSS from querying LDAP for system users
- Date: Sun, 14 Mar 2010 20:50:55 +0100

On Sun, 2010-03-14 at 00:59 -0500, Ryan Steele wrote:
> > There is one known issue (that I'm going to ignore), which is that
> > username comparison is case insensitive. So if you add a joe to
> > nss_initgroups_ignoreusers and have a Joe LDAP user, lookups for Joe
> > would not return any LDAP groups.
>
> Duly noted, thanks for making mention of it. Just out of curiosity,
> why the decision to ignore it? I'm fine with that (and could always
> patch it locally if I decided otherwise), just a little inquisitive is
> all. :)

The reason is that I'm using an internal implementation for sets (also
used in other parts of the code) that is case insensitive.

Anyway, I would recommend against having different users with usernames
that only differ in case. There are likely a lot of tools (one example
that I can think of being mail servers) that will have difficulty with
such set-ups.

--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
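
The edge case discussed in this message can be audited before it causes missing group memberships. The following is an added example, not code from the message or from nss-pam-ldapd: it assumes the LDAP usernames have been exported to a list, approximates the case-insensitive comparison with `str.lower()`, and uses hypothetical function names and a constructed configuration fragment and user list.

```python
import re
from collections import defaultdict

KEYWORD = "nss_initgroups_ignoreusers"

def parse_ignoreusers(conf_text):
    """Return all names listed on nss_initgroups_ignoreusers lines."""
    names = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == KEYWORD:
            names += [n for n in re.split(r"[,\s]+", parts[1]) if n]
    return names

def shadowed_ldap_users(ignored, ldap_users):
    """LDAP users that match an ignored name only when case is disregarded.

    These are the accounts that would silently get no LDAP groups.
    Exact matches are not reported: those are the intended system users.
    """
    by_folded = {name.lower(): name for name in ignored}
    exact = set(ignored)
    return sorted((u, by_folded[u.lower()]) for u in ldap_users
                  if u.lower() in by_folded and u not in exact)

def case_collisions(ldap_users):
    """Groups of LDAP usernames that differ from each other only in case."""
    groups = defaultdict(set)
    for user in ldap_users:
        groups[user.lower()].add(user)
    return [sorted(g) for _, g in sorted(groups.items()) if len(g) > 1]

# Constructed sample input (assumption, not taken from the thread).
SAMPLE_CONF = """\
# constructed nslcd.conf fragment
uri ldap://ldap.example.com/
nss_initgroups_ignoreusers root,daemon,joe
"""
SAMPLE_LDAP_USERS = ["Joe", "alice", "Alice", "bob", "root"]

if __name__ == "__main__":
    ignored = parse_ignoreusers(SAMPLE_CONF)
    for user, entry in shadowed_ldap_users(ignored, SAMPLE_LDAP_USERS):
        print(f"{user}: LDAP groups skipped because '{entry}' is ignored")
    for group in case_collisions(SAMPLE_LDAP_USERS):
        print("names differing only in case:", ", ".join(group))
```
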