Re: uid with ":" (colon) not a valid username ?
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: uid with ":" (colon) not a valid username ?
- Date: Fri, 25 Feb 2011 14:49:51 +0100
On Thu, 2011-02-24 at 10:32 +0530, Vinay Kalkoti wrote:
> In the LDAP server, I have a user name with ":" (colon) in it.
>
> When I do a getent passwd, I see that nslcd logs the following error
> and "getent passwd" doesn't list that user account at all -
>
> nslcd: [588f54] passwd entry uid=test_user:IT,ou=people,dc=xx,dc=xx,dc=com
> contains invalid user name: "test_user:IT"
>
> Is ":" colon an invalid character in uid?
Allowing a : in usernames may work in some very limited circumstances
but it is very likely to break applications. The : is used as a
separator in /etc/passwd and /etc/shadow and so is also not allowed for
local users.

If you need this you can try adapting the isvalidname() function in
nslcd/common.c. This function is used for both user and group names and
allows a little more than POSIX allows:
http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_426
http://pubs.opengroup.org/onlinepubs/009695399/basedefs/xbd_chap03.html#tag_03_276

Perhaps it's a good idea to implement this check as a configurable
regular expression. If someone is willing to write some code for that
I'm willing to integrate it.
--
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
--
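The two points in the reply above, as an added example that is not code from nslcd or from this thread: a name check driven by a configurable POSIX extended regular expression, and a field splitter showing how a : inside a name shifts every later field of a passwd-style line. The names `name_matches`, `passwd_field` and `DEFAULT_NAME_PATTERN` are hypothetical, and the sample line is constructed.

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* POSIX portable filename characters, no leading hyphen.
   Hypothetical default (an assumption, not nslcd's own rule). */
#define DEFAULT_NAME_PATTERN "^[A-Za-z0-9._][A-Za-z0-9._-]*$"

/* Return 1 if name matches the extended regex, 0 if not, -1 on bad pattern. */
int name_matches(const char *pattern, const char *name)
{
  regex_t re;
  int rc;
  if (regcomp(&re, pattern, REG_EXTENDED | REG_NOSUB) != 0)
    return -1;
  rc = regexec(&re, name, 0, NULL, 0);
  regfree(&re);
  return rc == 0;
}

/* Copy 0-based field idx of a colon-separated line into out; -1 on error. */
int passwd_field(const char *line, int idx, char *out, size_t outlen)
{
  const char *start = line, *end;
  size_t len;
  while (idx-- > 0) {
    if ((start = strchr(start, ':')) == NULL)
      return -1;
    start++;
  }
  end = strchr(start, ':');
  len = end ? (size_t)(end - start) : strlen(start);
  if (len >= outlen)
    return -1;
  memcpy(out, start, len);
  out[len] = '\0';
  return 0;
}

int main(void)
{
  /* Constructed line: the name from the thread written out unchecked. */
  const char *line = "test_user:IT:x:1000:1000::/home/test:/bin/sh";
  char name[64] = "", uid[64] = "";
  passwd_field(line, 0, name, sizeof(name));
  passwd_field(line, 2, uid, sizeof(uid));
  printf("name=\"%s\" uid=\"%s\" valid=%d\n", name, uid,
         name_matches(DEFAULT_NAME_PATTERN, "test_user:IT"));
  return 0;
}
```

A consumer of the flat format sees the account as "test_user" with "IT" in the password field and "x" where the numeric uid belongs, which is why the check belongs before the entry is handed to applications.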