RSS feed

nss_initgroups_ignoreusers ALLLOCAL issue

[Date Prev][Date Next] [Thread Prev][Thread Next]

nss_initgroups_ignoreusers ALLLOCAL issue

Hi there,

I'm using v0.9.6

I'm having a strange issue with nss_initgroups_ignoreusers ALLLOCAL

( I'm happy to find this option, which is absent from the other nss-ldap
implementation btw )

First, it used to work: getent passwd was *not* displaying LDAP users
that exists locally. at that time I was using the following configuration :

uid nslcd
gid nslcd
uri ldap://...
base ...

binddn cn=...
bindpw ...

# SSL options
ssl start_tls

#tls_reqcert never

tls_cacertfile /etc/ssl/certs/ca-certificates.crt

nss_initgroups_ignoreusers ALLLOCAL

Then I've added the following :


restarted nscd and nslcd and it just stopped to work.

So I decided to revert back and commented the pam_authz_search line. It
had zero effect, I still get duplicates usernames in getent !

Same thing when stopping nscd

I've started nslcd in debug mode and noticed the line:

nslcd: DEBUG: CFG: nss_initgroups_ignoreusers lists not *all* local
user, only some of them.

The debug line finishes like "(..localusers..),news..." (with third dots)

I tried to add other duplicates accounts, but I can't reproduce the
expected behavior anymore, this is very strange.

What is the issue ?

To unsubscribe send an email to or see