Re: How can i filter specific users from querying ldap server?
- From: Berend De Schouwer <berend [at] deschouwer.co.za>
- To: Mindaugas B <minde.b [at] gmail.com>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: How can i filter specific users from querying ldap server?
- Date: Wed, 22 Oct 2014 10:21:08 +0200
Do you get that for 'getent passwd test1'?
What group is set for 'test1' in /etc/passwd?
id(1) will scan for all groups that a user is a member of. So if
'ldap' appears in /etc/nsswitch under 'group:', it will scan ldap for
group membership. Either don't put 'ldap' under 'group:' in
/etc/nsswitch.conf, or cache those requests.
On Wed, 22 Oct, 2014 at 8:04, Mindaugas B <minde.b@gmail.com> wrote:
Ok, and if I created local user "test1"?
Now it exists in /etc/passwd
What configuration should tell not to execute lookup for nslcd:
..
nslcd: [8b4567] DEBUG: connection from pid=3379 uid=106 gid=65534
nslcd: [8b4567] <group/member="test1"> DEBUG: myldap_search(base="OU=Linux AD Integration,DC=new,DC=lv", filter="(&(&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))(sAMAccountName=test1))")
..
On Wed, Oct 22, 2014 at 2:17 AM, Trent W. Buck
<twb-nss-pam-ldapd-users@cyber.com.au> wrote:
Mindaugas B wrote:
> I have user named "test1" (uid=1001). I'm trying to configure NSS or nslcd
> so that "id test1" and similar queries would not send requests to LDAP
> server at all.
>
> Is it possible?
Only if you duplicate the user in some other database (e.g.
/etc/passwd).
Perhaps you want unscd / nscd, so that LDAP lookups are cached for a
while.
IIRC when I deployed it I saw about a thousandfold reduction in
traffic on the LDAP server.
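Added example (not part of the original thread, and not code from nss-pam-ldapd): a simplified model of the behaviour described in the top reply, showing why a user present in /etc/passwd still triggers an LDAP search when 'ldap' is listed under 'group:', and that removing it stops the query. The sample nsswitch.conf and passwd contents are constructed, the function names are hypothetical, and [STATUS=action] items are ignored.

```python
import re

# Constructed sample input mirroring the setup discussed in the thread.
SAMPLE_NSSWITCH = """\
# /etc/nsswitch.conf (constructed sample)
passwd:  files ldap
group:   files ldap
shadow:  files
"""
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "test1:x:1001:1001::/home/test1:/bin/sh\n"
)

def parse_nsswitch(text):
    """Return {database: [sources]}; comments and [STATUS=action] items are dropped."""
    dbs = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        dbs[db.strip()] = re.sub(r"\[[^\]]*\]", " ", rest).split()
    return dbs

def local_users(passwd_text):
    """User names defined in the given /etc/passwd contents."""
    return {ln.split(":", 1)[0] for ln in passwd_text.splitlines() if ln.strip()}

def sources_queried(dbs, passwd_text, user):
    """Sources consulted for the passwd entry and for group membership of USER."""
    passwd_hit = []
    for src in dbs.get("passwd", []):
        passwd_hit.append(src)
        # A passwd lookup stops at the first source that knows the user.
        if src == "files" and user in local_users(passwd_text):
            break
    # Membership is collected from every source under group:, because a local
    # user can still be listed as a member of a group held in the directory.
    return {"passwd": passwd_hit, "group": list(dbs.get("group", []))}

def ldap_exposure(dbs, passwd_text, user):
    """Databases whose lookups for USER reach the 'ldap' source (i.e. nslcd)."""
    queried = sources_queried(dbs, passwd_text, user)
    return sorted(db for db, srcs in queried.items() if "ldap" in srcs)

if __name__ == "__main__":
    dbs = parse_nsswitch(SAMPLE_NSSWITCH)
    print("as configured:", ldap_exposure(dbs, SAMPLE_PASSWD, "test1"))
    dbs["group"] = ["files"]  # first fix suggested in the thread
    print("group: files :", ldap_exposure(dbs, SAMPLE_PASSWD, "test1"))
```

The other suggestion in the thread, caching with nscd or unscd, leaves 'ldap' under 'group:' and reduces repeat traffic rather than removing the lookup.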