(I never configured NSS/LDAP myself)
On Mon, Jan 11, 2010 at 01:22:26PM +0100, Michael Mühlbauer wrote:
> I have a problem with my NSS/LDAP setup. When I set
> passwd: files [SUCCESS=return] ldap
> group: files [SUCCESS=return] ldap
> shadow: files
> in /etc/nsswitch.conf and then enter 'id root' in the shell the NSS
> tries to contact the LDAP server *although* root is contained in
> /etc/passwd, /etc/group (and /etc/shadow) and can thus be
> authenticated without inquiring the LDAP server.
> So what I want is, to have users be authenticated via LDAP only when
> they are *not* in the passwd/group files. How do I achieve this?
In most installations, /etc/shadow contains local password settings.
> shadow: files [SUCCESS=return] ldap
(passwd only contains account public info.)
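
Added example, not part of the original messages: a small Python model of how a `service [STATUS=action]` chain from /etc/nsswitch.conf is evaluated, using the default actions documented in nsswitch.conf(5), which shows that `files [SUCCESS=return] ldap` parses to the same chain as `files ldap`. It models single-key lookups only (not enumeration or supplementary-group lookups); the function names and the `BACKENDS` data are constructed for illustration.

```python
import re

# Defaults from nsswitch.conf(5): only SUCCESS ends the lookup.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

def parse_line(line):
    """Parse 'db: svc [STATUS=action] svc ...' -> (db, [(svc, actions)])."""
    db, _, rest = line.split("#", 1)[0].partition(":")
    chain = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if not tok.startswith("["):
            chain.append((tok, dict(DEFAULTS)))
            continue
        if not chain:
            raise ValueError("action list must follow a service")
        for crit in tok[1:-1].split():
            negate = crit.startswith("!")
            status, _, action = crit.lstrip("!").lower().partition("=")
            # Only return/continue are modelled here.
            if status not in DEFAULTS or action not in ("return", "continue"):
                raise ValueError("unsupported criterion: " + crit)
            for s in DEFAULTS:
                # '!STATUS=a' applies 'a' to every status except STATUS.
                if (s != status) == negate:
                    chain[-1][1][s] = action
    return db.strip(), chain

def consulted(chain, backends, key):
    """Return (services queried in order, final status) for one key."""
    queried, status = [], "unavail"
    for svc, actions in chain:
        queried.append(svc)
        data = backends.get(svc)  # None models an unreachable service
        if data is None:
            status = "unavail"
        elif key in data:
            status = "success"
        else:
            status = "notfound"
        if actions[status] == "return":
            break
    return queried, status

# Constructed sample data, not taken from the thread.
BACKENDS = {"files": {"root": 0}, "ldap": {"alice": 1001}}

if __name__ == "__main__":
    for conf in ("passwd: files [SUCCESS=return] ldap", "passwd: files ldap"):
        db, chain = parse_line(conf)
        print(conf, "->", consulted(chain, BACKENDS, "root"))
```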