local users searched in LDAP
Hi!
I found that my RH9 Linux client searches for local accounts (i.e. root) in my
RH9 OpenLDAP server even if the required information was found in
/etc/passwd, /etc/group. My nsswitch.conf says:
passwd: files ldap
shadow: files ldap
group: files ldap
My /etc/pam.d/system-auth file (applied the patch found on RH bugzilla,
making local logins possible even if the LDAP server is down):
auth required /lib/security/$ISA/pam_env.so
auth sufficient /lib/security/$ISA/pam_unix.so likeauth nullok
auth sufficient /lib/security/$ISA/pam_ldap.so use_first_pass
auth required /lib/security/$ISA/pam_deny.so
account sufficient /lib/security/$ISA/pam_unix.so
account sufficient /lib/security/$ISA/pam_ldap.so
password required /lib/security/$ISA/pam_cracklib.so retry=3 type=
password sufficient /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password sufficient /lib/security/$ISA/pam_ldap.so use_authtok
password required /lib/security/$ISA/pam_deny.so
session required /lib/security/$ISA/pam_limits.so
session optional /lib/security/$ISA/pam_unix.so
session optional /lib/security/$ISA/pam_ldap.so
I'd like to prevent my client from searching for local users in LDAP if they were
found locally.
I've searched through this mailing list, among others, without finding a
solution. Is there any workaround for this problem (in nss_ldap?)?
Thank you.
Krisztian