lists.arthurdejong.org

Issue - Passwd maps in multiple OUs

Issue #1

It appears that base [MAP] can be specified multiple times; however,
the filter, scope, and map are single-valued and apply to all base paths!!

This is giving erroneous results for passwd map lookup.

# Internal users
base passwd ou=people,dc=ex,dc=com
filter (objectclass=posixaccount)(gsauthz=123)
map passwd loginshell "/bin/bash"

# External users. "base passwd" specified again
base passwd ou=external,dc=ex,dc=com
filter (objectclass=posixaccount)(gsauthz=567)
map passwd loginshell "/bin/false"


-> The last "filter (objectclass=posixaccount)(gsauthz=567)" wins... and is used for queries from both OUs.
-> The last "map passwd loginshell" wins... and is used for queries from both OUs.


Issue #2

* In cases where the passwd map is scattered across various OUs,
   how is the ambiguity resolved when a user exists in 2 different OUs with different uidnumber/gidnumber?

This is a big issue with the passwd map and also with other maps.
For example, the same netgroup exists in other divisional OUs.


Any suggestions on how to resolve issues #1 and #2?

thanks
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
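
The override reported in issue #1 can be caught by a check run over the configuration before it is deployed. The following is an added example, not part of the original message and not nss-pam-ldapd code: a small linter that assumes the per-map line forms "base MAP DN", "filter MAP FILTER", "scope MAP VALUE" and "map MAP ATTRIBUTE VALUE", and assumes the last-value-wins behaviour described in the post. The sample configuration is constructed.

```python
from collections import defaultdict

# Constructed sample modelled on the post, written in the per-map line forms
# this example assumes (base/filter/scope MAP VALUE, map MAP ATTRIBUTE VALUE).
SAMPLE = """\
# Internal users
base passwd ou=people,dc=ex,dc=com
filter passwd (&(objectClass=posixAccount)(gsauthz=123))
map passwd loginShell "/bin/bash"

# External users
base passwd ou=external,dc=ex,dc=com
filter passwd (&(objectClass=posixAccount)(gsauthz=567))
map passwd loginShell "/bin/false"
"""

def audit(text):
    """Return (bases, effective, overridden) for an nslcd.conf-style text."""
    bases = defaultdict(list)  # map -> every search base (multi-valued)
    effective = {}             # single-valued option -> (value, line number)
    overridden = []            # (option key, losing line, winning line)
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.strip().split(None, 2)
        if len(fields) < 3 or fields[0] not in ("base", "filter", "scope", "map"):
            continue  # blank lines, comments, and options outside this check
        option, mapname, value = fields
        if option == "base":
            bases[mapname].append(value)
            continue
        key = (option, mapname)
        if option == "map":
            parts = value.split(None, 1)
            if len(parts) < 2:
                continue
            key += (parts[0].lower(),)  # attribute names are case-insensitive
            value = parts[1]
        if key in effective:
            overridden.append((key, effective[key][1], lineno))
        effective[key] = (value, lineno)
    return dict(bases), effective, overridden

if __name__ == "__main__":
    bases, effective, overridden = audit(SAMPLE)
    for key, old, new in overridden:
        dns = "; ".join(bases.get(key[1], []))
        print(f"line {new} replaces line {old}: {' '.join(key)} = "
              f"{effective[key][0]} now applies to every base: {dns}")
```

Any entry in the overridden list marks a setting that was written as if it were scoped to one OU but, under the assumed behaviour, governs lookups under every base of that map.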