lists.arthurdejong.org

Re: How can i filter specific users from querying ldap server?


OK, and if I created a local user "test1"?
Now it exists in /etc/passwd.
What configuration should tell nslcd not to execute this lookup:
..
nslcd: [8b4567] DEBUG: connection from pid=3379 uid=106 gid=65534
nslcd: [8b4567] <group/member="test1"> DEBUG: myldap_search(base="OU=Linux AD Integration,DC=new,DC=lv", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=test1))")
..

On Wed, Oct 22, 2014 at 2:17 AM, Trent W. Buck <twb-nss-pam-ldapd-users [at] cyber.com.au> wrote:
Mindaugas B wrote:
> I have user named "test1" (uid=1001). I'm trying to configure NSS or nslcd
> so that "id test1" and similar queries would not send requests to LDAP
> server at all.
>
> Is it possible?

Only if you duplicate the user in some other database (e.g. /etc/passwd).
Perhaps you want unscd / nscd, so that LDAP lookups are cached for a while.
IIRC when I deployed it I saw about a thousandfold reduction in traffic on the LDAP server.

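Added example, not part of the original posts and not code from nss-pam-ldapd: a Python script that reads nslcd debug output in the format quoted in the thread and counts the LDAP searches issued for accounts that already exist in a passwd file. The function names and all sample lines other than the `group/member` one are constructed for illustration, and the `<passwd=...>` and `<group=...>` tag formats are assumed to follow the same pattern.

```python
import re
from collections import Counter

# Request tag plus search call in an nslcd debug line (format as quoted in the thread).
SEARCH_RE = re.compile(
    r'nslcd: \[\w+\] <(?P<req>[\w/]+)=(?P<key>"[^"]*"|\d+)> DEBUG: myldap_search\(')
USER_REQS = {"passwd", "shadow", "group/member"}  # request types keyed by user name

def local_accounts(passwd_text):
    """Return (names, uids) of the accounts in passwd(5)-formatted text."""
    names, uids = set(), set()
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        names.add(fields[0])
        uids.add(fields[2])
    return names, uids

def local_lookups_sent_to_ldap(log_text, passwd_text):
    """Count LDAP searches whose request key is a local account name or uid."""
    names, uids = local_accounts(passwd_text)
    hits = Counter()
    for line in log_text.splitlines():
        m = SEARCH_RE.search(line)
        if not m:
            continue
        req, key = m.group("req"), m.group("key")
        if key.startswith('"'):
            is_local = req in USER_REQS and key.strip('"') in names
        else:
            is_local = req == "passwd" and key in uids  # <group=N> is a gid, skip
        if is_local:
            hits[(req, key.strip('"'))] += 1
    return hits

# Constructed sample input; line 2 follows the thread's line with the filter shortened.
BASE = 'base="OU=Linux AD Integration,DC=new,DC=lv"'
SAMPLE_LOG = "\n".join([
    'nslcd: [8b4567] DEBUG: connection from pid=3379 uid=106 gid=65534',
    'nslcd: [8b4567] <group/member="test1"> DEBUG: myldap_search(%s, filter="(sAMAccountName=test1)")' % BASE,
    'nslcd: [7b23c6] <passwd="alice"> DEBUG: myldap_search(%s, filter="(sAMAccountName=alice)")' % BASE,
    'nslcd: [3c9869] <passwd=1001> DEBUG: myldap_search(%s, filter="(uidNumber=1001)")' % BASE,
    'nslcd: [334873] <group=1001> DEBUG: myldap_search(%s, filter="(gidNumber=1001)")' % BASE,
])
SAMPLE_PASSWD = "root:x:0:0:root:/root:/bin/bash\ntest1:x:1001:1001::/home/test1:/bin/bash\n"

if __name__ == "__main__":
    for (req, key), n in sorted(local_lookups_sent_to_ldap(SAMPLE_LOG, SAMPLE_PASSWD).items()):
        print(f"{n} LDAP search(es) for local account via <{req}={key}>")
```

Run against real `nslcd -d` output and the host's own /etc/passwd, the counts show which local accounts still generate directory traffic and through which request type.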