Re: [nssldap] nss_initgroups_ignoreusers
- From: Buchan Milne <bgmilne [at] mandriva.org>
- To: Lynn York <lyork [at] inetu.net>
- Cc: "nssldap [at] padl.com" <nssldap [at] padl.com>
- Subject: Re: [nssldap] nss_initgroups_ignoreusers
- Date: Mon, 17 Nov 2008 11:13:59 +0200
On Friday 24 October 2008 18:21:54 Lynn York wrote:
> Hello,
>
>
>
> I seem to be having an issue with
> nss_initgroups_ignoreusers. I have the following line in my /etc/ldap.conf
> file but it still seems to search ldap for the users. Can anyone shed some
> light on this issue for me? Also, I am running nss_ldap version >= 2.53.
> I have supplied a snippet of the slapd log.
>
>
>
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,postmaster,anonymous,apache
>
>
>
>
>
> [ log snippet ]
>
>
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=140 fd=48 ACCEPT from
> IP=127.0.0.1:59736 (IP=0.0.0.0:389)
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH
> base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=postmaster))"
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 STARTTLS
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 RESULT oid= err=0
> text=
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SEARCH RESULT
> tag=101 err=0 nentries=0 text=
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH
> base="ou=Internal,dc=mgmt, dc=test,dc=com " scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=postmaster))"
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 fd=62 TLS established
> tls_ssf=256 ssf=256

But this isn't the filter one would expect for an 'initgroups' call. I would
expect a filter of "(&(objectclass=posixGroup)(memberUid=postmaster))"; this
looks like a search filter from a getpwent or so (and so shouldn't be affected
by nss_initgroups_ignoreusers).

So, my question is how you are getting to querying LDAP for getpwent in the
first place (what is the 'passwd' line in your /etc/nsswitch.conf)?

Regards,
Buchan
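
An added example, not part of the original message: a small Python classifier that separates the two search types in a slapd log, using the posixAccount filter from the quoted log and the posixGroup/memberUid filter the reply says an initgroups call would produce. It assumes one log entry per line (unwrapped); the function and variable names are hypothetical, and the two posixGroup entries in the sample are constructed.

```python
import re

# Ignore list from the quoted /etc/ldap.conf line.
IGNORED = set("root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,"
              "news,mailman,postmaster,anonymous,apache".split(","))

# Constructed sample in the slapd log format quoted above. Only the first
# search mirrors the post; the two posixGroup searches are made up.
BASE = 'base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0'
PFX = "Oct 24 12:15:33 ldap-proxy slapd[10000]: "
SAMPLE_LOG = "\n".join([
    PFX + 'conn=69 op=27 SRCH ' + BASE + ' filter="(&(objectClass=posixAccount)(uid=postmaster))"',
    PFX + 'conn=69 op=27 SRCH attr=uid userPassword uidNumber gidNumber',
    PFX + 'conn=70 op=3 SRCH ' + BASE + ' filter="(&(objectClass=posixGroup)(memberUid=apache))"',
    PFX + 'conn=70 op=4 SRCH ' + BASE + ' filter="(&(objectClass=posixGroup)(memberUid=alice))"',
])

FILTER_RE = re.compile(r'\bSRCH\b.*\bfilter="([^"]*)"')
CLASS_RE = re.compile(r'\(objectClass=(posixAccount|posixGroup)\)', re.I)
USER_RE = re.compile(r'\((uid|memberUid)=([^)*]+)\)', re.I)

def classify_searches(log_text, ignored):
    """Return (kind, user, should_have_been_skipped) per SRCH filter line."""
    out = []
    for line in log_text.splitlines():
        m = FILTER_RE.search(line)
        if not m:
            continue  # ACCEPT, STARTTLS, RESULT and "SRCH attr=" lines
        cls, usr = CLASS_RE.search(m.group(1)), USER_RE.search(m.group(1))
        if not (cls and usr):
            continue
        pair = (cls.group(1).lower(), usr.group(1).lower())
        if pair == ("posixaccount", "uid"):
            kind = "passwd"        # account lookup; the ignore list does not apply
        elif pair == ("posixgroup", "memberuid"):
            kind = "initgroups"    # group-membership lookup
        else:
            continue
        user = usr.group(2)
        # Only a group-membership search for a listed user contradicts the setting.
        out.append((kind, user, kind == "initgroups" and user in ignored))
    return out

if __name__ == "__main__":
    for kind, user, flagged in classify_searches(SAMPLE_LOG, IGNORED):
        note = "  <-- ignore list not honoured" if flagged else ""
        print(f"{kind:10} {user}{note}")
```

On the sample, the postmaster search is reported as a passwd lookup and is not flagged, which matches the reply's reading of the quoted log.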