RSS feed

Re: Preventing NSS from querying LDAP for system users

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Preventing NSS from querying LDAP for system users

Hey Arthur,

Arthur de Jong wrote:
> On Sun, 2010-03-14 at 00:59 -0500, Ryan Steele wrote:
>>> There is one known issue (that I'm going to ignore) is that username
>>> comparison is case insensitive. So if you add a joe to
>>> nss_initgroups_ignoreusers and have a Joe LDAP user, lookups for Joe
>>> would not return any LDAP groups.
>> Duly noted, thanks for making mention of it.  Just out of curiosity,
>> why the decision to ignore it?  I'm fine with that (and could always
>> patch it locally if I decided otherwise), just a little inquisitive is
>> all.  :)
> The reason is that I'm using an internal implementation for sets (also
> used in other parts of the code) that is case insensitive.

Ah, okay, thanks for the cluebat.

> Anyway, I would recommend against having different users with usernames
> that only differ in case. There are likely a lot of tools (one example
> that I can think of being mail servers) that will have difficulty with
> such set-ups.

Yeah, I can't think of a good reason for someone wanting to do that.  I'm just 
used to most-things-Linux being case
sensitive, so it piqued by curiosity.  :)

Thanks again for the explanation and patch, I'll be testing it tonight.

To unsubscribe send an email to or see