Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Andrew Morgan <morgan [at] orst.edu>
To: subu <subu.ayyagari [at] gs.com>
Cc: nssldap [at] padl.com
Subject: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
Date: Mon, 29 Jan 2007 09:58:31 -0800 (PST)

On Sat, 27 Jan 2007, subu wrote:

Using nss_ldap, but it does not seem to look at attributes.
Below is a case where users with allowatrib=admin or dev are allowed.
But getent passwd shows *all* the records in LDAP.

Is there an additional step to  enforce restrictions specified by filter?

Eg:
nss_base_passwd
ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)

getent passwd ( dumps entire directory though )


Is that a typo?

You have:

ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)

which should be:

ou=People,dc=gs,dc=com?one?(|(allowattrib=admin)(allowatrib=dev))

I think.

        Andy

[nssldap] nss_ldap - filter for nss_base_passwd not functional, subu
- Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional, Andrew Morgan
- Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional, Buchan Milne

Prev by Date: [nssldap] acl for libnss attributes
Next by Date: [nssldap] nss_ldap on SLES 10
Previous by thread: [nssldap] nss_ldap - filter for nss_base_passwd not functional
Next by thread: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional