Issue - Passwd maps in multiple OUs
- From: Subu Ayyagari <subu.ayyagari [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Issue - Passwd maps in multiple OUs
- Date: Sun, 24 Jul 2011 01:42:21 -0400
Issue #1
It appears that base [MAP] can be specified multiple times; however,
the filter, scope, and map are single-valued and apply to all base paths!!
This is giving erroneous results for passwd map lookups.
# Internal users
base passwd ou=people,dc=ex,dc=com
filter (objectclass=posixaccount)(gsauthz=123)
map passwd loginshell "/bin/bash"
# External users. "base passwd" specified again
base passwd ou=external,dc=ex,dc=com
filter (objectclass=posixaccount)(gsauthz=567)
map passwd loginshell "/bin/false"
-> The last "filter (objectclass=posixaccount)(gsauthz=567)" wins...and is used for queries from both OUs.
-> The last "map passwd loginshell" wins....and is used for queries from both OUs
Issue #2
* In cases where the passwd map is scattered across various OUs,
how is the ambiguity resolved when a user exists in 2 different OUs with different uidnumber/gidnumber?
This is a big issue with the passwd map and also with other maps.
Example: the same netgroup exists in other divisional OUs.
Any suggestions on how to resolve issues #1 and #2?
Thanks
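
Added example, not part of the original post or of nss-pam-ldapd: for the Issue #2 question, the directory can be audited for conflicting entries before several bases are configured. The Python below parses LDIF exported from each OU and reports login names that carry more than one uidNumber/gidNumber pair, and uidNumbers shared by different logins. The sample entries and function names are constructed for illustration, and the parser assumes unfolded, non-base64 attribute values.

```python
from collections import defaultdict

# Constructed sample data (not from the original post), shaped like ldapsearch LDIF output.
SAMPLE_LDIF = """\
dn: uid=alice,ou=people,dc=ex,dc=com
uid: alice
uidNumber: 1001
gidNumber: 100

dn: uid=alice,ou=external,dc=ex,dc=com
uid: alice
uidNumber: 2001
gidNumber: 200

dn: uid=bob,ou=people,dc=ex,dc=com
uid: bob
uidNumber: 1002
gidNumber: 100

dn: uid=carol,ou=external,dc=ex,dc=com
uid: carol
uidNumber: 1002
gidNumber: 200
"""

def parse_ldif(text):
    """Yield one dict per entry; attribute names are lower-cased, first value kept."""
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "attr: value"
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), value.strip())
        if "dn" in entry and "uid" in entry:
            yield entry

def find_conflicts(text):
    """Return (names mapped to >1 uid/gid pair, uidNumbers shared by >1 name)."""
    by_name, by_number = defaultdict(set), defaultdict(set)
    for e in parse_ldif(text):
        by_name[e["uid"]].add((e.get("uidnumber"), e.get("gidnumber")))
        by_number[e.get("uidnumber")].add(e["uid"])
    names = {n: sorted(ids) for n, ids in by_name.items() if len(ids) > 1}
    numbers = {u: sorted(ns) for u, ns in by_number.items() if len(ns) > 1}
    return names, numbers

if __name__ == "__main__":
    print(find_conflicts(SAMPLE_LDIF))
```

Any name or number it reports is an identity that would resolve differently depending on which OU answers first, so it is worth cleaning up in the directory before the second base is added.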