lists.arthurdejong.org

Re: Preventing NSS from querying LDAP for system users

Hey Arthur,

Arthur de Jong wrote:
> On Sun, 2010-03-14 at 00:59 -0500, Ryan Steele wrote:
>>> One known issue (that I'm going to ignore) is that username
>>> comparison is case insensitive. So if you add a joe to
>>> nss_initgroups_ignoreusers and have a Joe LDAP user, lookups for Joe
>>> would not return any LDAP groups.
>> Duly noted, thanks for making mention of it.  Just out of curiosity,
>> why the decision to ignore it?  I'm fine with that (and could always
>> patch it locally if I decided otherwise), just a little inquisitive is
>> all.  :)
> 
> The reason is that I'm using an internal implementation for sets (also
> used in other parts of the code) that is case insensitive.

Ah, okay, thanks for the cluebat.

> Anyway, I would recommend against having different users with usernames
> that only differ in case. There are likely a lot of tools (one example
> that I can think of being mail servers) that will have difficulty with
> such set-ups.
> 

Yeah, I can't think of a good reason for someone wanting to do that.  I'm just
used to most-things-Linux being case sensitive, so it piqued my curiosity.  :)

Thanks again for the explanation and patch, I'll be testing it tonight.

-Ryan
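
An added example, not part of the original message or of nss-pam-ldapd: a small audit for the case-insensitivity issue discussed above. It lists LDAP usernames that match an nss_initgroups_ignoreusers entry only after case folding, and usernames that differ only in case. The config text, user list and function names are constructed for illustration, and Python's lower() stands in for the case-insensitive set comparison.

```python
import re
from collections import defaultdict

# Constructed sample input, not taken from the thread.
SAMPLE_NSLCD_CONF = """\
# /etc/nslcd.conf (constructed sample)
uri ldap://ldap.example.com/
base dc=example,dc=com
nss_initgroups_ignoreusers root,joe,www-data
"""
SAMPLE_LDAP_USERS = ["Joe", "alice", "Alice", "bob", "root"]


def ignored_users(conf_text):
    """Collect the names listed on every nss_initgroups_ignoreusers line."""
    names = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2 and fields[0] == "nss_initgroups_ignoreusers":
            # Assumption: names are separated by commas and/or whitespace.
            names += [n for n in re.split(r"[,\s]+", fields[1]) if n]
    return names


def shadowed_by_ignore_list(ignore, ldap_users):
    """LDAP users that match an ignore entry only when case is folded.

    With a case-insensitive comparison these users get no LDAP groups
    even though they were never listed by their exact name.
    """
    exact = set(ignore)
    folded = {n.lower() for n in ignore}
    return sorted(u for u in ldap_users if u.lower() in folded and u not in exact)


def case_collisions(ldap_users):
    """Groups of LDAP usernames that differ only in case."""
    groups = defaultdict(set)
    for user in ldap_users:
        groups[user.lower()].add(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    ignore = ignored_users(SAMPLE_NSLCD_CONF)
    print("shadowed by ignore list:", shadowed_by_ignore_list(ignore, SAMPLE_LDAP_USERS))
    print("names differing only in case:", case_collisions(SAMPLE_LDAP_USERS))
```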