lists.arthurdejong.org

Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional




On Sunday 28 January 2007 07:24, subu wrote:
> Using nss_ldap, but it does not seem to look at attributes.
> Below is a case where users with allowatrib=admin or dev are allowed.
> But getent passwd shows *all* the records in LDAP.
>
> Is there an additional step to enforce restrictions specified by filter?
>
> Eg:
> nss_base_passwd ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)

The documentation for this configuration option shows it should be as follows:

nss_base_<map> <basedn?scope?filter>

So, you're missing a ?:

nss_base_passwd ou=People,dc=gs,dc=com?one?|(allowattrib=admin)(allowatrib=dev)

I have tested:

nss_base_passwd ou=People,dc=ranger,dc=dnsalias,dc=com?one?|(gidNumber=501)(gidNumber=502)

which works correctly.

> getent passwd ( dumps entire directory though )


-- 
Buchan Milne
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
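
Added example, not part of the original message and not nss_ldap's own parser: a small lint for nss_base_<map> lines that splits the value on the documented basedn?scope?filter form and reports when filter text has landed in the scope field, so the map ends up unrestricted. The function names and the finding wording are hypothetical; the two sample lines are the ones from this thread, joined onto one line.

```python
import re

# Scope keywords for the documented form: nss_base_<map> <basedn?scope?filter>
VALID_SCOPES = {"base", "one", "sub"}

# Sample lines taken from the thread above (joined onto a single line).
BROKEN = "nss_base_passwd ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)"
FIXED = "nss_base_passwd ou=People,dc=gs,dc=com?one?|(allowattrib=admin)(allowatrib=dev)"


def parse_nss_base(line):
    """Split an nss_base_<map> line into map, basedn, scope and filter."""
    m = re.match(r"\s*nss_base_(\w+)\s+(\S.*?)\s*$", line)
    if not m:
        raise ValueError("not an nss_base_<map> line")
    map_name, value = m.groups()
    # At most two '?' separators matter; a filter may itself contain '?'.
    parts = value.split("?", 2)
    return {
        "map": map_name,
        "basedn": parts[0],
        "scope": (parts[1] if len(parts) > 1 else None) or None,
        "filter": (parts[2] if len(parts) > 2 else None) or None,
    }


def lint_nss_base(line):
    """Return (parsed fields, list of findings) for one configuration line."""
    fields = parse_nss_base(line)
    findings = []
    scope, filt = fields["scope"], fields["filter"]
    if scope is not None and scope.lower() not in VALID_SCOPES:
        findings.append(f"scope field {scope!r} is not one of base/one/sub")
        if any(c in scope for c in "()=|&!"):
            findings.append("filter text in scope field: missing '?' before the filter")
    if filt is None:
        findings.append("no filter field: this map is not restricted by a filter")
    elif filt.count("(") != filt.count(")"):
        findings.append("unbalanced parentheses in filter")
    return fields, findings


if __name__ == "__main__":
    for sample in (BROKEN, FIXED):
        fields, findings = lint_nss_base(sample)
        print(sample)
        print("  scope:", fields["scope"], "| filter:", fields["filter"])
        for finding in findings or ["ok"]:
            print("  -", finding)
```

Running the lint over ldap.conf after any edit to an nss_base_* line, and then comparing the getent passwd output with the accounts the filter should allow, catches this kind of silent loss of restriction.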