Re: nsswitch.conf issues with LDAP Auth? *SOLVED?*

by Daniel Cross-2

On Tue, 2006-09-12 at 14:00 +1200, Daniel Cross wrote:

> Hello all,
>
> I seem to be having some issues with getting auth requests to not look up
> the ldap server if the account is local and have tried everything and am
> stumped. Here's a rundown...
>
> What I'm doing:
> I have a pair of LDAP boxes, which ~thirty systems are looking up for
> authentication via LDAP. Auth all works well. No issues there.
>
> The issue, however is that..
> Even with local system accounts (root, www-data, postfix, etc), the
> systems are still contacting the LDAP servers, and I just don't see why
> (considering I have Files specified first in nsswitch.conf and
> pam_unix.so first in all the pam confs).
> Ideally, if the accounts are local, I'd like the systems to say 'ok, we
> have our account, now let's not query the LDAP server'
>
*snip*
>
> Oh, and software versions:
> libldap2       2.1.30-3
> libnss-ldap    238-1
> libpam-ldap    180-1
>
> Soooo, anyone seen the same symptoms?
> Any ideas or suggestions would be very helpful

So.... the latest version of libnss-ldap from the Debian testing tree
(libnss-ldap 251-5.2) doesn't have this issue....

And I cannot see anything in the changelog that shows what this issue
was or why it now works.  Interesting.

But I've rolled it out onto our systems and all seems well.

Regards,

--
Daniel Cross                                    
Systems Administrator                           Cell +64 21535975
WorldxChange                                    DDI  +64 9 9501354
