
Re: nsswitch.conf/LDAP



Hi,

(I never configured NSS/LDAP myself)

On Mon, Jan 11, 2010 at 01:22:26PM +0100, Michael Mühlbauer wrote:
> I have a problem with my NSS/LDAP setup. When I set
> 
> passwd:    files [SUCCESS=return] ldap
> group:       files [SUCCESS=return] ldap
> shadow:    files
> 
> in /etc/nsswitch.conf and then enter 'id root' in the shell the NSS
> tries to contact the LDAP server *although* root is contained in
> /etc/passwd, /etc/group (and /etc/shadow) and can thus be
> authenticated without inquiring the LDAP server.
> 
> So what I want is to have users be authenticated via LDAP only when
> they are *not* in the passwd/group files. How do I achieve this?

In most installations, /etc/shadow contains local password settings.

Why not
> shadow:    files [SUCCESS=return] ldap

(passwd only contains public account info.)

