lists.arthurdejong.org
RSS feed

non-local (LDAP) users can log in without auth???

[Date Prev][Date Next] [Thread Prev][Thread Next]

non-local (LDAP) users can log in without auth???

I've been working on getting an Ubuntu 10.10 (Maverick) lab up and running, using the stock versions found in the repos (e.g. nslcd v.0.7.6) an I've run in to an interesting problem: ldap users can get a session on the machine without a password. That is, if a user exists in LDAP they can log in to the machine by hitting the return key when asked for a password; this does not work for local users, nor can you make up an ID and expect it to work. BTW, if you give it a wrong password, you can't get a session (as in you get a failed LDAP authentication message). 

Here's the way I got to this point.
I had an elaborate install/config script that I thought was at fault, but I've reduced my install to the bare minimum installation and configuration and it's still screwy. Here's the process: 1) apt-get install nslcd (libpam-ldapd, libnss-ldapd and nscd are dependencies, so they get installed as well) 2) during configuration, provide debconf with basic info about our LDAP setup (in my case we have a SunLDAP server that I do not control). 
3) add config info to nslcd.conf to allow connections
To allow connections to our ldap server I only need to add tls_cacertfile to nslcd.conf. The nsswitch.conf and nscd.conf files don't need to be edited at all, and the debconf configuration done by Ubuntu seems to be good enough to allow connections.
At this point I restart the machine and try to log in as an LDAP user. When asked for a password I hit [enter] and I get a session. This user has never used the machine before and is not a duplicate of a local username. The uid of the LDAP user is correct (that is, the uid is passed to the local machine by the LDAP server and is not locally assigned.)
As the LDAP user, I can su to any other LDAP ID without a password (just hit [enter] when asked for a password). I *cannot* su to a local user.
To debug, I shut down nslcd and nscd and restarted nslcd in debug mode. Then I did "ssh gnewton@localhost", hit [enter] at the password prompt, got in and then exited the ssh session. Here's the output: 

~~~~~~~~~~~~~~~~~~~~~~~ nslcd log ~~~~~~~~~~~~~~~~~~~~~~~
nslcd: DEBUG: add_uri(ldaps://ldap.server.ca/)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_REQUIRE_CERT,2)
nslcd: DEBUG: ldap_set_option(LDAP_OPT_X_TLS_CACERTFILE,"/etc/ssl/certs/Thawte_Premium_Server_CA.pem") 
nslcd: version 0.7.6 starting
nslcd: DEBUG: unlink() of /var/run/nslcd/socket failed (ignored): No such file or directory 
nslcd: DEBUG: setgroups(0,NULL) done
nslcd: DEBUG: setgid(123) done
nslcd: DEBUG: setuid(114) done
nslcd: accepting connections
nslcd: [8b4567] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [8b4567] DEBUG: nslcd_passwd_byuid(-1)
nslcd: [8b4567] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uidNumber=-1))") 
nslcd: [8b4567] DEBUG: ldap_initialize(ldaps://ldap.server.ca/)
nslcd: [8b4567] DEBUG: ldap_set_rebind_proc()
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [8b4567] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [8b4567] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.server.ca/") 
nslcd: [8b4567] DEBUG: ldap_result(): end of results

nslcd: [7b23c6] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [7b23c6] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [7b23c6] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [7b23c6] DEBUG: ldap_initialize(ldaps://ldap.server.ca/)
nslcd: [7b23c6] DEBUG: ldap_set_rebind_proc()
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [7b23c6] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [7b23c6] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.server.ca/") 
nslcd: [7b23c6] DEBUG: ldap_result(): end of results

nslcd: [3c9869] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [3c9869] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [3c9869] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [3c9869] DEBUG: ldap_initialize(ldaps://ldap.server.ca/)
nslcd: [3c9869] DEBUG: ldap_set_rebind_proc()
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [3c9869] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [3c9869] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.server.ca/") 
nslcd: [3c9869] DEBUG: ldap_result(): end of results

nslcd: [334873] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [334873] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [334873] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [334873] DEBUG: ldap_initialize(ldaps://ldap.server.ca/)
nslcd: [334873] DEBUG: ldap_set_rebind_proc()
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [334873] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [334873] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.server.ca/") 
nslcd: [334873] DEBUG: ldap_result(): end of results

nslcd: [b0dc51] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [b0dc51] DEBUG: nslcd_pam_authc("gnewton","","su","")
nslcd: [b0dc51] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [b0dc51] DEBUG: ldap_initialize(ldaps://ldap.server.ca/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [b0dc51] DEBUG: ldap_simple_bind_s(NULL,NULL) (uri="ldaps://ldap.server.ca/") nslcd: [b0dc51] DEBUG: myldap_search(base="uid=gnewton,ou=People,dc=server,dc=ca", filter="(objectClass=posixAccount)") 
nslcd: [b0dc51] DEBUG: ldap_initialize(ldaps://ldap.server.ca/)
nslcd: [b0dc51] DEBUG: ldap_set_rebind_proc()
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)
nslcd: [b0dc51] DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)
nslcd: [b0dc51] DEBUG: ldap_simple_bind_s("uid=gnewton,ou=People,dc=server,dc=ca","") (uri="ldaps://ldap.server.ca/") 
nslcd: [b0dc51] DEBUG: ldap_unbind()
nslcd: [495cff] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [495cff] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [495cff] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [495cff] DEBUG: ldap_result(): end of results

nslcd: [e8944a] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [e8944a] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [e8944a] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [e8944a] DEBUG: ldap_result(): end of results

nslcd: [5558ec] DEBUG: connection from pid=1802 uid=0 gid=1000
nslcd: [5558ec] DEBUG: nslcd_pam_authz("gnewton","uid=gnewton,ou=People,dc=server,dc=ca","su","localadmin","","/dev/pts/1") 
nslcd: [8e1f29] DEBUG: connection from pid=1802 uid=0 gid=24459
nslcd: [8e1f29] DEBUG: nslcd_group_bymember(gnewton)
nslcd: [8e1f29] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") nslcd: [8e1f29] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(|(memberUid=gnewton)(uniqueMember=uid=gnewton,ou=People,dc=server,dc=ca)))") 
nslcd: [8e1f29] DEBUG: ldap_result(): end of results

nslcd: [e87ccd] DEBUG: connection from pid=1802 uid=0 gid=24459
nslcd: [e87ccd] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [e87ccd] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [e87ccd] DEBUG: ldap_result(): end of results

nslcd: [1b58ba] DEBUG: connection from pid=1802 uid=0 gid=24459
nslcd: [1b58ba] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [1b58ba] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [1b58ba] DEBUG: ldap_result(): end of results

nslcd: [7ed7ab] DEBUG: connection from pid=1802 uid=0 gid=24459
nslcd: [7ed7ab] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [7ed7ab] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [7ed7ab] DEBUG: ldap_result(): end of results

nslcd: [b141f2] DEBUG: connection from pid=1802 uid=0 gid=24459
nslcd: [b141f2] DEBUG: nslcd_pam_sess_o("gnewton","uid=gnewton,ou=People,dc=server,dc=ca","su","/dev/pts/1","","localadmin") 
nslcd: [b71efb] DEBUG: connection from pid=1802 uid=0 gid=24459
nslcd: [b71efb] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [b71efb] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [b71efb] DEBUG: ldap_result(): end of results

nslcd: [e2a9e3] DEBUG: connection from pid=1807 uid=0 gid=0
nslcd: [e2a9e3] DEBUG: nslcd_passwd_byuid(24459)
nslcd: [e2a9e3] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uidNumber=24459))") 
nslcd: [e2a9e3] DEBUG: ldap_result(): end of results

nslcd: [45e146] DEBUG: connection from pid=1518 uid=1000 gid=1000
nslcd: [45e146] DEBUG: nslcd_passwd_byuid(24459)
nslcd: [45e146] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uidNumber=24459))") 
nslcd: [5f007c] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [5f007c] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [5f007c] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [45e146] DEBUG: ldap_result(): end of results

nslcd: [d062c2] DEBUG: connection from pid=1810 uid=24459 gid=24459
nslcd: [5f007c] DEBUG: ldap_result(): end of results
nslcd: [5f007c] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [d062c2] DEBUG: nslcd_passwd_byuid(24459)
nslcd: [d062c2] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uidNumber=24459))") 
nslcd: [5f007c] DEBUG: ldap_result(): end of results
nslcd: [d062c2] DEBUG: ldap_result(): end of results

nslcd: [200854] DEBUG: connection from pid=1812 uid=24459 gid=24459
nslcd: [200854] DEBUG: nslcd_passwd_byuid(24459)
nslcd: [200854] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uidNumber=24459))") 
nslcd: [b127f8] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [b127f8] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [b127f8] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [b127f8] DEBUG: ldap_result(): end of results
nslcd: [b127f8] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [200854] DEBUG: ldap_result(): end of results

nslcd: [16231b] DEBUG: connection from pid=1812 uid=24459 gid=24459
nslcd: [16231b] DEBUG: nslcd_group_bygid(24459)
nslcd: [16231b] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(gidNumber=24459))") 
nslcd: [16231b] DEBUG: ldap_result(): end of results
nslcd: [b127f8] DEBUG: ldap_result(): end of results

nslcd: [16e9e8] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [16e9e8] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [16e9e8] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [16e9e8] DEBUG: ldap_result(): end of results
nslcd: [16e9e8] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [16e9e8] DEBUG: ldap_result(): end of results

nslcd: [90cde7] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [90cde7] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [90cde7] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [90cde7] DEBUG: ldap_result(): end of results
nslcd: [90cde7] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [90cde7] DEBUG: ldap_result(): end of results
nslcd: [ef438d] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [ef438d] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [ef438d] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [ef438d] DEBUG: ldap_result(): end of results
nslcd: [ef438d] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [ef438d] DEBUG: ldap_result(): end of results

nslcd: [0e0f76] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [0e0f76] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [0e0f76] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [0e0f76] DEBUG: ldap_result(): end of results
nslcd: [0e0f76] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [0e0f76] DEBUG: ldap_result(): end of results

nslcd: [52255a] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [52255a] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [52255a] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [52255a] DEBUG: ldap_result(): end of results
nslcd: [52255a] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [52255a] DEBUG: ldap_result(): end of results

nslcd: [9cf92e] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [9cf92e] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [9cf92e] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [9cf92e] DEBUG: ldap_result(): end of results
nslcd: [9cf92e] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [9cf92e] DEBUG: ldap_result(): end of results

nslcd: [ed7263] DEBUG: connection from pid=1802 uid=24459 gid=24459
nslcd: [ed7263] DEBUG: nslcd_passwd_byname(gnewton)
nslcd: [ed7263] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=gnewton))") 
nslcd: [ed7263] DEBUG: ldap_result(): end of results

nslcd: [dcc233] DEBUG: connection from pid=1802 uid=24459 gid=24459
nslcd: [dcc233] DEBUG: nslcd_pam_sess_c("gnewton","uid=gnewton,ou=People,dc=server,dc=ca","su",12345) 
nslcd: [efd79f] DEBUG: connection from pid=1818 uid=0 gid=0
nslcd: [efd79f] DEBUG: nslcd_passwd_byuid(24459)
nslcd: [efd79f] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uidNumber=24459))") 
nslcd: [efd79f] DEBUG: ldap_result(): end of results

nslcd: [a7c4c9] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [a7c4c9] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [a7c4c9] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results
nslcd: [a7c4c9] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [a7c4c9] DEBUG: ldap_result(): end of results

nslcd: [68079a] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [68079a] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [68079a] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [68079a] DEBUG: ldap_result(): end of results
nslcd: [68079a] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [68079a] DEBUG: ldap_result(): end of results

nslcd: [6afb66] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [6afb66] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [6afb66] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [6afb66] DEBUG: ldap_result(): end of results
nslcd: [6afb66] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [6afb66] DEBUG: ldap_result(): end of results

nslcd: [e45d32] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [e45d32] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [e45d32] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [e45d32] DEBUG: ldap_result(): end of results
nslcd: [e45d32] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [e45d32] DEBUG: ldap_result(): end of results

nslcd: [9b500d] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [9b500d] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [9b500d] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [9b500d] DEBUG: ldap_result(): end of results
nslcd: [9b500d] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [9b500d] DEBUG: ldap_result(): end of results

nslcd: [1bd7b7] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [1bd7b7] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [1bd7b7] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [1bd7b7] DEBUG: ldap_result(): end of results
nslcd: [1bd7b7] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [1bd7b7] DEBUG: ldap_result(): end of results

nslcd: [2dba31] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [2dba31] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [2dba31] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [2dba31] DEBUG: ldap_result(): end of results
nslcd: [2dba31] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [2dba31] DEBUG: ldap_result(): end of results

nslcd: [83e458] DEBUG: connection from pid=1154 uid=0 gid=0
nslcd: [83e458] DEBUG: nslcd_group_bymember(localadmin)
nslcd: [83e458] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixAccount)(uid=localadmin))") 
nslcd: [83e458] DEBUG: ldap_result(): end of results
nslcd: [83e458] DEBUG: myldap_search(base="ou=People,dc=server,dc=ca", filter="(&(objectClass=posixGroup)(memberUid=localadmin))") 
nslcd: [83e458] DEBUG: ldap_result(): end of results
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Anyone have any thoughts about how best to tackle this?
Thanks,
Greg

Attachment: gregster.vcf
Description: Vcard

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users