lists.arthurdejong.org

[nssldap] [solved] how disable shadow map

On Wed, 2009-10-21 at 12:12 -0400, Brian J. Murrell wrote:
> Hi,
> 
> I want to disable the shadow map, and specifically, stop the passwd map
> from returning "x" in the password field.

This is in fact quite simple to do, on a user-by-user basis even.

> I noticed from a quick browse of the code:
> 
>   if (_nss_ldap_oc_check (e, "shadowAccount") == NSS_SUCCESS)
>     {
>       /* don't include password for shadowAccount */
>       if (buflen < 3)
>         return NSS_TRYAGAIN;
>
>       pw->pw_passwd = buffer;
>       strcpy (buffer, "x");
>       buffer += 2;
>       buflen -= 2;
>     }
>   else
>     {
>       stat =
>         _nss_ldap_assign_userpassword (e, ATM (LM_PASSWD, userPassword),
>                                        &pw->pw_passwd, &buffer, &buflen);
>       if (stat != NSS_SUCCESS)
>         return stat;
>     }

The above code snippet is really what led me to the solution.

One simply removes (if it exists, which it should if your passwd entry
is "x") the shadowAccount object class from the LDAP record (which your
nss_ldap is configured to map to the passwd map) for users for whom you
don't want shadow information available.  The "x" in the password field
of the passwd entry changes to a "*" once this is done and there is no
entry in the shadow map any more.

Cheers,
b.
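
The change described in this message, as an added example that is not part of the original post: a shell function that turns LDIF entries (for example `ldapsearch -LLL` output) into an `ldapmodify` change record removing `shadowAccount` from each entry that has it. It assumes the RFC 2307 schema, where the `shadow*` attributes are allowed only by that class and so have to be deleted in the same operation; the function name `unshadow_ldif` and the sample entry are constructed for illustration.

```shell
# Added example: build an ldapmodify change record that strips shadowAccount.
# Input: LDIF entries on stdin. Entries without the class produce no output.
unshadow_ldif() {
  awk '
    # Emit the change record for the entry collected so far, then reset.
    function emit(   i) {
      if (dn != "" && has_shadow) {
        print dn
        print "changetype: modify"
        print "delete: objectClass"
        print "objectClass: shadowAccount"
        print "-"
        # Assumption (RFC 2307 schema): shadow* attributes are allowed only
        # by shadowAccount, so they must be deleted in the same modify.
        for (i = 1; i <= n; i++) { print "delete: " attr[i]; print "-" }
        print ""
      }
      dn = ""; has_shadow = 0; n = 0; split("", seen)
    }
    { sub(/\r$/, "") }                      # tolerate CRLF input
    /^$/ { emit(); in_dn = 0; next }        # blank line ends an entry
    # LDIF folds long lines: a leading space continues the previous line.
    /^ / { if (in_dn) dn = dn substr($0, 2); next }
    { in_dn = 0 }
    /^[Dd][Nn]:/ { dn = $0; in_dn = 1; next }
    {
      name = $0; sub(/:.*/, "", name); sub(/;.*/, "", name)
      value = $0; sub(/^[^:]*:+ */, "", value)
      lname = tolower(name)
      if (lname == "objectclass" && tolower(value) == "shadowaccount") {
        has_shadow = 1
      } else if (lname ~ /^shadow/ && !(lname in seen)) {
        seen[lname] = 1; attr[++n] = name
      }
    }
    END { emit() }
  '
}

# Constructed sample entry; in practice pipe `ldapsearch -LLL` output in and
# review the result before passing it to `ldapmodify`.
unshadow_ldif <<'EOF'
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: posixAccount
objectClass: shadowAccount
uid: alice
shadowLastChange: 14538
EOF
```

Once the generated record has been applied, `getent passwd alice` should show `*` in the password field and `getent shadow alice` should return nothing, matching the behaviour described in the message.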