lists.arthurdejong.org

Re: --disable-nslcd, nssov, and local user lookups

On Fri, 2012-06-29 at 11:59 -0400, Ryan Steele wrote:
> I don't think simply preventing nslcd from running is going to work
> for me.  Every time I would open a session with sudo/su, I got these
> messages to stdout:
> 
> root@myhost:~# su - myuser
> LDAP open session failed

This is probably due to a problem in the communication with the PAM
module and nssov or that nssov doesn't support PAM sessions.

> The sudo/su will work, but obviously that behavior is not desirable
> and is confusing for users.

It is probably best to disable pam_ldap in the session (comment out
pam_ldap in /etc/pam.d/common-session) to not pass these requests to
nssov.

nslcd doesn't do anything with these requests but I thought there were
some ideas to have nssov do something with them. In any case without
session logging everything should work.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
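
The change suggested in the message above (commenting out pam_ldap in /etc/pam.d/common-session), as an added shell example that is not part of the original message or of nss-pam-ldapd. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Active (uncommented) "session" entries that load pam_ldap.so; "-session" is
# the PAM prefix that silences errors about a missing module.
PAT='^[[:space:]]*-?session[[:space:]].*[[:space:]/]pam_ldap\.so([[:space:]].*)?$'

# Print how many such entries FILE contains.
count_ldap_session() {
    grep -cE "$PAT" "$1" || true    # grep -c exits 1 on a zero count
}

# Comment those entries out in place, keeping the original as FILE.bak.
# auth/account/password entries and other modules are left untouched.
disable_ldap_session() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    [ "$(count_ldap_session "$file")" -gt 0 ] || return 0   # nothing to do
    cp -p "$file" "$file.bak" || return 1
    sed -E "s|${PAT}|#&|" "$file.bak" > "$file"
}

# Constructed sample (not from the thread); it mixes an auth entry in to show
# that only session entries are changed.
write_sample() {
    cat > "$1" <<'EOF'
auth     sufficient                   pam_ldap.so
session  required                     pam_unix.so
session  optional                     pam_ldap.so
session  [success=ok default=ignore]  pam_ldap.so minimum_uid=1000
#session optional                     pam_ldap.so
EOF
}

# Demo on a scratch copy; point disable_ldap_session at the real file as root.
demo=$(mktemp -d)
write_sample "$demo/common-session"
disable_ldap_session "$demo/common-session"
diff "$demo/common-session.bak" "$demo/common-session" || true
rm -rf "$demo"
```

Running the function a second time is a no-op, and the `.bak` copy restores the previous session stack if a login path turns out to depend on it.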