nss_initgroups_ignoreusers


nss_initgroups_ignoreusers

by Lynn York II

Hello,

I seem to be having an issue with nss_initgroups_ignoreusers.  I have the following line in my /etc/ldap.conf file but it still seems to search ldap for the users.  Can anyone shed some light on this issue for me?  Also, I am running nss_ldap version >= 2.53.  I have supplied a snippet of the slapd log…

nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,postmaster,anonymous,apache

[ log snippet ]

Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=140 fd=48 ACCEPT from IP=127.0.0.1:59736 (IP=0.0.0.0:389)
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=postmaster))"
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 STARTTLS
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 RESULT oid= err=0 text=
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH base="ou=Internal,dc=mgmt, dc=test,dc=com " scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=postmaster))"
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 fd=62 TLS established tls_ssf=256 ssf=256

[ end snippet ]

Thanks

 


Re: nss_initgroups_ignoreusers

by Lukeh-3

nss_initgroups_ignoreusers ignores users only for the initgroups() call rather than getpwnam().

Make sure "files" is before "ldap" in /etc/nsswitch.conf and you actually have those users defined in /etc/passwd.

-- Luke

On 25/10/2008, at 3:21 AM, Lynn York wrote:

> Hello,
>
> I seem to be having an issue with nss_initgroups_ignoreusers.  I have the following line in my /etc/ldap.conf file but it still seems to search ldap for the users.  Can anyone shed some light on this issue for me?  Also, I am running nss_ldap version >= 2.53.  I have supplied a snippet of the slapd log…
>
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,postmaster,anonymous,apache
>
> [ log snippet ]
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=140 fd=48 ACCEPT from IP=127.0.0.1:59736 (IP=0.0.0.0:389)
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=postmaster))"
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 STARTTLS
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 RESULT oid= err=0 text=
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SEARCH RESULT tag=101 err=0 nentries=0 text=
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH base="ou=Internal,dc=mgmt, dc=test,dc=com " scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=postmaster))"
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH attr=uid userPassword uidNumber gidNumber cn homeDirectory loginShell gecos description objectClass
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 fd=62 TLS established tls_ssf=256 ssf=256
>
> [ end snippet ]
>
> Thanks
 

--
www.padl.com | www.fghr.net


Re: nss_initgroups_ignoreusers

by Bugzilla from bgmilne@mandriva.org

On Friday 24 October 2008 18:21:54 Lynn York wrote:

> Hello,
>
> I seem to be having an issue with
> nss_initgroups_ignoreusers.  I have the following line in my /etc/ldap.conf
> file but it still seems to search ldap for the users.  Can anyone shed some
> light on this issue for me?  Also, I am running nss_ldap version >= 2.53.
> I have supplied a snippet of the slapd log.
>
> nss_initgroups_ignoreusers
> root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,postmaster,anonymous,apache
>
> [ log snippet ]
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=140 fd=48 ACCEPT from
> IP=127.0.0.1:59736 (IP=0.0.0.0:389)
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH
> base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=postmaster))"
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 STARTTLS
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 op=0 RESULT oid= err=0
> text=
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SEARCH RESULT
> tag=101 err=0 nentries=0 text=
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH
> base="ou=Internal,dc=mgmt, dc=test,dc=com " scope=2 deref=0
> filter="(&(objectClass=posixAccount)(uid=postmaster))"
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=28 SRCH attr=uid
> userPassword uidNumber gidNumber cn homeDirectory loginShell gecos
> description objectClass
>
> Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=139 fd=62 TLS established
> tls_ssf=256 ssf=256


But, this isn't the filter one would expect for an 'initgroups' call, I would
expect a filter of "(&(objectclass=posixGroup)(memberUid=postmaster))", this
looks like a search filter from a getpwent or so (and so shouldn't be affected
by nss_initgroups_ignoreusers).

So, my question is how you are getting to querying LDAP for getpwent in the
first place (what is the 'passwd' line in your /etc/nsswitch.conf)?

Regards,
Buchan
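Luke's and Buchan's replies together give a way to triage a slapd log like the one above: a filter of the form (&(objectClass=posixGroup)(memberUid=NAME)) comes from initgroups() and is the only kind of lookup nss_initgroups_ignoreusers suppresses, while (&(objectClass=posixAccount)(uid=NAME)) is a user lookup that the directive never touches and that should be answered by /etc/passwd first when "files" precedes "ldap" on the passwd line of /etc/nsswitch.conf. The script below is an added example, not code from this thread or from nss_ldap: it parses the directive, the nsswitch passwd order and a passwd file, classifies each SRCH in the log, and says why the query reached LDAP. The nsswitch.conf and /etc/passwd contents, the posixGroup search line and the uid=jdoe line are constructed for the example; the other log lines are the ones posted in the thread.

```python
"""Triage nss_initgroups_ignoreusers against a slapd log (added example, not from the thread)."""
import re
from typing import List, Set, Tuple

# --- Constructed sample inputs; only the directive and two SRCH lines come from the thread ---

LDAP_CONF = """\
base dc=mgmt,dc=test,dc=com
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus,radvd,tomcat,radiusd,news,mailman,postmaster,anonymous,apache
"""

# Constructed: 'ldap' listed before 'files' on the passwd line, the ordering Luke warns about.
NSSWITCH_CONF = """\
passwd:  ldap files
shadow:  files ldap
group:   files ldap
"""

# Constructed: postmaster is not defined locally, so only LDAP can answer getpwnam("postmaster").
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
apache:x:48:48:Apache:/var/www:/sbin/nologin
"""

# Lines 1-2 are from the thread; lines 3-4 are constructed (an initgroups()-shaped filter and a normal user).
SLAPD_LOG = """\
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SRCH base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=postmaster))"
Oct 24 12:15:33 ldap-proxy slapd[10000]: conn=69 op=27 SEARCH RESULT tag=101 err=0 nentries=0 text=
Oct 24 12:15:34 ldap-proxy slapd[10000]: conn=69 op=29 SRCH base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0 filter="(&(objectClass=posixGroup)(memberUid=apache))"
Oct 24 12:15:34 ldap-proxy slapd[10000]: conn=69 op=30 SRCH base="ou=Internal,dc=mgmt,dc=test,dc=com" scope=2 deref=0 filter="(&(objectClass=posixAccount)(uid=jdoe))"
"""

SRCH_RE = re.compile(r'\bSRCH\b.*?\bfilter="(?P<filter>[^"]*)"')
UID_RE = re.compile(r'\(uid=([^)]+)\)', re.IGNORECASE)
MEMBERUID_RE = re.compile(r'\(memberUid=([^)]+)\)', re.IGNORECASE)


def ignored_users(ldap_conf: str) -> Set[str]:
    """Parse the nss_initgroups_ignoreusers directive from an nss_ldap ldap.conf."""
    for line in ldap_conf.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] == "nss_initgroups_ignoreusers":
            return {u.strip() for u in parts[1].split(",") if u.strip()}
    return set()


def nss_sources(nsswitch_conf: str, database: str) -> List[str]:
    """Source order for one NSS database (e.g. 'passwd') from nsswitch.conf, [action] tokens dropped."""
    for line in nsswitch_conf.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []


def local_users(passwd: str) -> Set[str]:
    """User names defined in a passwd(5)-format file."""
    return {l.split(":", 1)[0] for l in passwd.splitlines() if ":" in l}


def classify_filter(ldap_filter: str) -> Tuple[str, str]:
    """Map a search filter to the NSS call that produces it: ('initgroups', user) or ('getpwnam', user)."""
    m = MEMBERUID_RE.search(ldap_filter)
    if m and "posixgroup" in ldap_filter.lower():
        return "initgroups", m.group(1)
    m = UID_RE.search(ldap_filter)
    if m and "posixaccount" in ldap_filter.lower():
        return "getpwnam", m.group(1)
    return "other", ""


def diagnose(log: str, ldap_conf: str, nsswitch_conf: str, passwd: str) -> List[Tuple[str, str, str]]:
    """For every SRCH in the slapd log, say whether nss_initgroups_ignoreusers could have prevented it."""
    ignored = ignored_users(ldap_conf)
    order = nss_sources(nsswitch_conf, "passwd")
    files_first = "files" in order and "ldap" in order and order.index("files") < order.index("ldap")
    local = local_users(passwd)
    findings = []
    for line in log.splitlines():
        m = SRCH_RE.search(line)
        if not m:
            continue
        kind, user = classify_filter(m.group("filter"))
        if kind == "initgroups" and user in ignored:
            verdict = "unexpected: directive should have skipped this initgroups() lookup"
        elif kind == "getpwnam" and user in ignored:
            if files_first and user in local:
                verdict = "unexpected: local passwd entry should have answered before ldap"
            elif user in local:
                verdict = "not covered: getpwnam(); put files before ldap on the passwd line"
            else:
                verdict = "not covered: getpwnam(); user is not in local passwd, so ldap is the only source"
        else:
            verdict = "normal: user not in nss_initgroups_ignoreusers"
        findings.append((kind, user, verdict))
    return findings


if __name__ == "__main__":
    for kind, user, verdict in diagnose(SLAPD_LOG, LDAP_CONF, NSSWITCH_CONF, LOCAL_PASSWD):
        print(f"{kind:<11} {user:<12} {verdict}")
```

Run against the sample, the postmaster search is reported as a getpwnam() lookup the directive does not cover (and, because postmaster has no local entry, the nsswitch order alone would not stop it either), while the constructed memberUid=apache search is flagged as the one case where the directive should have prevented the query. On a real host, feed it the actual /etc/ldap.conf, /etc/nsswitch.conf and /etc/passwd instead of the constructed strings.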