On Thu, 26 Oct 2006, Daniel Cross wrote:
> On Tue, 2006-09-12 at 14:00 +1200, Daniel Cross wrote:
>> Hello all,
>>
>> I seem to be having some issues with getting auth requests to not look up
>> the ldap server if the account is local and have tried everything and am
>> stumped. Here's a rundown...
>>
>> What I'm doing:
>> I have a pair of LDAP boxes, which ~thirty systems are looking up for
>> authentication via LDAP. Auth all works well. No issues there.
>>
>> The issue, however, is that...
>> Even with local system accounts (root, www-data, postfix, etc), the
>> systems are still contacting the LDAP servers, and I just don't see why
>> (considering I have Files specified first in nsswitch.conf and
>> pam_unix.so first in all the pam confs).
>> Ideally, if the accounts are local, I'd like the systems to say 'ok, we
>> have our account, now let's not query the LDAP server'
>>
> *snip*
>>
>> Oh, and software versions:
>> libldap2 2.1.30-3
>> libnss-ldap 238-1
>> libpam-ldap 180-1
>>
>> Soooo, anyone seen the same symptoms?
>> Any ideas or suggestions would be very helpful
>
> So.... the latest version of libnss-ldap from the Debian testing tree
> (libnss-ldap 251-5.2) doesn't have this issue....
>
> And I cannot see anything in the changelog that shows what this issue
> was or why it now works. Interesting.
>
> But I've rolled it out onto our systems and all seems well.
Did you have:
    group: files ldap
in your nsswitch.conf?
Andy
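
Added example, not part of the original thread or written by any poster: a small checker for the nsswitch.conf source ordering discussed above. For each database that lists ldap it reports whether files precedes it and whether a [NOTFOUND=return] action would stop a local miss from reaching LDAP; the sample file and the function names are constructed for illustration.

```python
import re

# Constructed sample nsswitch.conf (not taken from the thread).
SAMPLE = """\
# /etc/nsswitch.conf
passwd:   files ldap
group:    files ldap      # the line asked about in the reply
shadow:   files
hosts:    files dns
netgroup: ldap [NOTFOUND=return] files
"""

def parse_nsswitch(text):
    """Return {database: [item, ...]}; bracketed actions stay in order as single items."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        table[db.strip()] = re.findall(r"\[[^\]]*\]|\S+", rest)
    return table

def ldap_report(table, source="ldap"):
    """Describe every database that can reach `source`.

    NSS default actions are SUCCESS=return and continue for everything else,
    so with "files ldap" a name that files does not hold is still asked of
    ldap unless an explicit [NOTFOUND=return] sits in between.
    """
    report = {}
    for db, items in table.items():
        if source not in items:
            continue
        before = items[:items.index(source)]
        actions = [i.lower().replace(" ", "") for i in before if i.startswith("[")]
        report[db] = {
            "files_first": "files" in before,
            "stops_on_miss": any(re.search(r"(?<!!)notfound=return", a) for a in actions),
        }
    return report

if __name__ == "__main__":
    for db, info in sorted(ldap_report(parse_nsswitch(SAMPLE)).items()):
        print(f"{db:10} files_first={info['files_first']} stops_on_miss={info['stops_on_miss']}")
```

To check a real host, pass the contents of /etc/nsswitch.conf to `parse_nsswitch` instead of `SAMPLE`.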