Re: nslcd debug log shows query for passwd=-1
- From: Arthur de Jong <arthur [at] arthurdejong.org>
- To: Ofelia Liu <oliu [at] purestorage.com>, nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: nslcd debug log shows query for passwd=-1
- Date: Mon, 26 Mar 2018 20:31:11 +0200
On Sun, 2018-03-25 at 21:48 -0700, Ofelia Liu wrote:
> I've set up ldap for passwd entry in /etc/nsswitch.conf. (The passwd
> row is: passwd files ldap). I see the following log when I run nslcd
> in debug mode:
[...]
> My question is what does <passwd=-1> mean? It is trying to query ldap
> server for a user with uid=-1. It seems that it can't find the user
> with uid=-1 in local /etc/passwd file so it is trying to query ldap.
> But how can a user end up with a uid=-1, can I configure nss to not
> query ldap if uid=-1?
I think this may happen in some cases where a lookup is done for
an invalid uid. Normally -1 is an invalid uid (-2 usually maps to the
user nobody, most often capped to a 16-bit unsigned integer (65534)).
You can configure nslcd to ignore lookups for a minimum value of
nss_min_uid in nslcd.conf which could help.
The line above the DEBUG entry you quoted should show which process
made the request. That process is perhaps buggy.
Kind regards,
--
-- arthur - arthur@arthurdejong.org - https://arthurdejong.org/ --
--
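
The reply above suggests looking at the line before the `<passwd=-1>` DEBUG entry to see which process made the request. The following is an added example, not part of the original message or of nss-pam-ldapd, that does this correlation over a whole debug log. The log lines are constructed, and the assumed layout is a bracketed session id shared by a "connection from pid=... uid=... gid=..." line and the later `<passwd=-1>` lines.

```python
import re

# Constructed sample of `nslcd -d` output (not from the thread); the line
# layout "[session] <request> DEBUG: ..." is an assumption.
SAMPLE_LOG = '''\
nslcd: [8b4567] DEBUG: connection from pid=2101 uid=0 gid=0
nslcd: [8b4567] <passwd="alice"> DEBUG: myldap_search(base="dc=example,dc=com", ...)
nslcd: [7b23c6] DEBUG: connection from pid=3344 uid=1000 gid=1000
nslcd: [7b23c6] <passwd=-1> DEBUG: myldap_search(base="dc=example,dc=com", ...)
nslcd: [7b23c6] <passwd=-1> DEBUG: ldap_result(): end of results (0 total)
nslcd: [3c9869] <passwd=-1> DEBUG: myldap_search(base="dc=example,dc=com", ...)
'''

CONN_RE = re.compile(r"\[(?P<sid>[0-9a-f]+)\] DEBUG: connection from "
                     r"pid=(?P<pid>\d+) uid=(?P<uid>\d+) gid=(?P<gid>\d+)")
REQ_RE = re.compile(r"\[(?P<sid>[0-9a-f]+)\] <(?P<req>[^>]+)>")


def find_requesters(log_text, request="passwd=-1"):
    """Return one record per session that issued `request`, with the
    pid/uid/gid taken from that session's 'connection from' line."""
    peers = {}        # session id -> peer credentials of the latest connection
    reported = set()  # session ids already listed in hits
    hits = []
    for line in log_text.splitlines():
        conn = CONN_RE.search(line)
        if conn:
            sid = conn["sid"]
            peers[sid] = {k: int(conn[k]) for k in ("pid", "uid", "gid")}
            reported.discard(sid)  # session id reused for a new connection
            continue
        req = REQ_RE.search(line)
        if req and req["req"] == request and req["sid"] not in reported:
            sid = req["sid"]
            reported.add(sid)
            # If the log was cut before the connection line, pid stays None.
            peer = peers.get(sid, {"pid": None, "uid": None, "gid": None})
            hits.append({"session": sid, **peer})
    return hits


if __name__ == "__main__":
    for hit in find_requesters(SAMPLE_LOG):
        print(hit)
```

While the process is still running, the reported pid can be matched to a program with `ps -p <pid>`.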