Re: nss_initgroups_ignoreusers ALLLOCAL issue
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: nss_initgroups_ignoreusers ALLLOCAL issue
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: "mh [at] ow2.org" <mh [at] ow2.org>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: nss_initgroups_ignoreusers ALLLOCAL issue
- Date: Mon, 15 May 2017 19:08:24 +0200
On Mon, 2017-05-15 at 17:59 +0200, mh@ow2.org wrote:
> nss_initgroups_ignoreusers ALLLOCAL isn't about ignoring all locally
> defined users from the LDAP at all. It's about 'group membership
> lookups'
Indeed. I was wondering about what the problem was ;_
> My goal was to avoid duplicate username between local and LDAP but it
> doesn't seem possible to do so.
Having duplicate user names should not be a real problem as long as the
entry from /etc/passwd matches that from LDAP.
If you want to filter out certain users you could use the filter
statement to exclude users from LDAP that match certain criteria. There
is no way to automatically exclude all locally defined users from LDAP
lookups (though if you are running nscd in most situations this should
not be a problem).
What you want to avoid is having multiple users with different
information on the system. If you are running nscd both user names and
numeric user ids are expected to be unique on the system.
Hope this helps,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/