Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
- From: Andrew Morgan <morgan [at] orst.edu>
- To: subu <subu.ayyagari [at] gs.com>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
- Date: Mon, 29 Jan 2007 09:58:31 -0800 (PST)
On Sat, 27 Jan 2007, subu wrote:
Using nss_ldap, but it does not seem to look at attributes.
Below is a case where users with allowatrib=admin or dev are allowed.
But getent passwd shows *all* the records in LDAP.
Is there an additional step to enforce restrictions specified by filter?
Eg:
nss_base_passwd
ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)
getent passwd ( dumps entire directory though )
Is that a typo?
You have:
ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)
which should be:
ou=People,dc=gs,dc=com?one?(|(allowattrib=admin)(allowatrib=dev))
I think.
Andy