Re: Preventing NSS from querying LDAP for system users

On Sun, 2010-03-14 at 00:59 -0500, Ryan Steele wrote:
> > One known issue (that I'm going to ignore) is that username
> > comparison is case insensitive. So if you add a joe to
> > nss_initgroups_ignoreusers and have a Joe LDAP user, lookups for Joe
> > would not return any LDAP groups.
> Duly noted, thanks for making mention of it.  Just out of curiosity,
> why the decision to ignore it?  I'm fine with that (and could always
> patch it locally if I decided otherwise), just a little inquisitive is
> all.  :)

The reason is that I'm using an internal implementation for sets (also
used in other parts of the code) that is case insensitive.

Anyway, I would recommend against having different users with usernames
that only differ in case. There are likely a lot of tools (one example
that I can think of being mail servers) that will have difficulty with
such set-ups.
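
The following check is an added example, not part of the original message and not nss-pam-ldapd code. It audits a configuration for the issue discussed above: LDAP users that differ only in case from an `nss_initgroups_ignoreusers` entry, and usernames that collide with each other when case is ignored. The sample config, the user list, the function names and the comma/whitespace list format are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample data, not taken from a real system.
SAMPLE_CONF = """\
# nslcd.conf fragment (constructed)
uri ldap://ldap.example.org/
nss_initgroups_ignoreusers root,joe,www-data
"""
SAMPLE_LDAP_USERS = ["Joe", "alice", "Alice", "bob", "root"]


def parse_ignoreusers(conf_text):
    """Return the names listed on nss_initgroups_ignoreusers lines."""
    names = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "nss_initgroups_ignoreusers":
            # Assumption: names are separated by commas and/or whitespace.
            names.extend(parts[1].replace(",", " ").split())
    return names


def shadowed_ldap_users(ignored, ldap_users):
    """LDAP users that differ from an ignored name only in case.

    With a case-insensitive ignore set, these users get no LDAP groups."""
    by_key = {name.lower(): name for name in ignored}
    return sorted((u, by_key[u.lower()]) for u in ldap_users
                  if u.lower() in by_key and u != by_key[u.lower()])


def case_collisions(usernames):
    """Groups of distinct usernames that are equal when case is ignored."""
    groups = defaultdict(set)
    for name in usernames:
        groups[name.lower()].add(name)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    ignored = parse_ignoreusers(SAMPLE_CONF)
    for user, entry in shadowed_ldap_users(ignored, SAMPLE_LDAP_USERS):
        print(f"LDAP user {user!r} is hidden by ignore entry {entry!r}")
    for group in case_collisions(SAMPLE_LDAP_USERS):
        print("names differing only in case:", ", ".join(group))
```

An LDAP user that matches an ignore entry exactly (here `root`) is not reported, since that match is what the option is for.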

