Re: nslcd debug log shows query for passwd=-1


Thanks for the reply. I've tried to add "nss_min_uid 0" in /etc/nslcd.conf but it is not working. I am guessing maybe it's actually an overflow so it might actually be 65535. Can we filter by a max_uid?

Thanks,
Ofelia 

On Mon, Mar 26, 2018 at 11:31 AM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Sun, 2018-03-25 at 21:48 -0700, Ofelia Liu wrote:
> I've set up ldap for passwd entry in /etc/nsswitch.conf. (The passwd
> row is: passwd files ldap). I see the following log when I run nslcd
> in debug mode:
[...]
> My question is what does <passwd=-1> mean? It is trying to query ldap
> server for a user with uid=-1. It seems that it can't find the user
> with uid=-1 in local /etc/passwd file so it is trying to query ldap.
> But how can a user end up with a uid=-1, can I configure nss to not
> query ldap if uid=-1?

I think this may happen in some cases where a lookup is done for
an invalid uid. Normally -1 is an invalid uid (-2 usually maps to the
user nobody, most often capped to a 16-bit unsigned integer (65534)).

You can configure nslcd to ignore lookups for a minimum value of
nss_min_uid in nslcd.conf which could help.

The line above the DEBUG entry you quoted should show which process
made the request. That process is perhaps buggy.

Kind regards,

--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --
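
Added example, not part of the original thread or of nss-pam-ldapd: a small script that pairs each `<passwd=N>` lookup for an invalid uid with the "connection from pid=" line of the same session, to find the requesting process mentioned above. The log layout (`[session]` id, `connection from pid=... uid=... gid=...`) is an assumption about `nslcd -d` output, and the sample lines are constructed.

```python
import re

# Constructed sample lines in the assumed nslcd debug format; the "[session]"
# id ties a lookup to the connection line logged when the client connected.
SAMPLE_LOG = """\
nslcd: [8b4567] DEBUG: connection from pid=2114 uid=0 gid=0
nslcd: [8b4567] <passwd=-1> DEBUG: myldap_search(filter="(uidNumber=-1)")
nslcd: [7b23c6] DEBUG: connection from pid=2250 uid=1000 gid=1000
nslcd: [7b23c6] <passwd=1000> DEBUG: myldap_search(filter="(uidNumber=1000)")
nslcd: [3c9869] DEBUG: connection from pid=2301 uid=0 gid=0
nslcd: [3c9869] <passwd=65535> DEBUG: myldap_search(filter="(uidNumber=65535)")
nslcd: [5e1f00] <passwd=-1> DEBUG: myldap_search(filter="(uidNumber=-1)")
"""

CONNECT = re.compile(r"\[(\w+)\] DEBUG: connection from pid=(\d+) uid=(\d+)")
LOOKUP = re.compile(r"\[(\w+)\] <passwd=(-?\d+)>")

# The ways (uid_t)-1 can show up: signed, truncated to 16 bits, or as a
# 32-bit unsigned value. 65535 can be a real uid on some systems, so treat
# these as candidates for review rather than proof of a bug.
INVALID_UIDS = {
    -1: "(uid_t)-1 printed as signed",
    0xFFFF: "(uid_t)-1 truncated to 16 bits",
    0xFFFFFFFF: "(uid_t)-1 as 32-bit unsigned",
}

def find_invalid_uid_lookups(lines):
    """Return one record per (session, uid) lookup of an invalid uid."""
    clients = {}  # session id -> (pid, uid) of the connecting process
    seen, hits = set(), []
    for line in lines:
        m = CONNECT.search(line)
        if m:
            clients[m.group(1)] = (int(m.group(2)), int(m.group(3)))
            continue
        m = LOOKUP.search(line)
        if not m:
            continue
        session, uid = m.group(1), int(m.group(2))
        if uid in INVALID_UIDS and (session, uid) not in seen:
            seen.add((session, uid))
            # pid is None when the connection line is missing from the excerpt
            pid, caller_uid = clients.get(session, (None, None))
            hits.append({"session": session, "looked_up": uid, "pid": pid,
                         "caller_uid": caller_uid, "why": INVALID_UIDS[uid]})
    return hits

if __name__ == "__main__":
    for hit in find_invalid_uid_lookups(SAMPLE_LOG.splitlines()):
        print(hit)
```

With the pid in hand, `ps -p <pid> -o pid,user,args` on the host identifies the program issuing the lookup while it is still running.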
