nslcd debug log shows query for passwd=-1

[Ofelia Liu <oliu [at] purestorage.com>]

Hi,

I've setup ldap for passwd entry in /etc/nsswitch.conf. (The passwd row is: passwd files ldap). I see the following log when I run nslcd in debug mode:

"nslcd: [8b4567] <passwd=-1> DEBUG: myldap_search(base="DC=XXX,DC=XXX,DC=XXX,DC=XXX", filter="(&(objectClass=posixAccount)(uidNumber=-1))")

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_initialize(ldaps://XXX)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_rebind_proc()

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_PROTOCOL_VERSION,3)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_DEREF,0)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_TIMELIMIT,0)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_TIMEOUT,0)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_NETWORK_TIMEOUT,0)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_REFERRALS,LDAP_OPT_ON)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_RESTART,LDAP_OPT_ON)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_set_option(LDAP_OPT_X_TLS,LDAP_OPT_X_TLS_HARD)

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_simple_bind_s("XXX","***") (uri="ldaps://XXX")

nslcd: [8b4567] <passwd=-1> DEBUG: ldap_result(): end of results (0 total)"

My question is what does <passwd=-1> mean? It is trying to query ldap server for a user with uid=-1. It seems that it can't find the user with uid=-1 in local /etc/passwd file so it is trying to query ldap. But how can an user ends up with a uid=-1, can I configure nss to not query ldap if uid=-1?

Thanks,

Ofelia

-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
https://lists.arthurdejong.org/nss-pam-ldapd-users/