Hi,
Was some kind of change to getpwnam() acceptance made in nss_ldap
between version 122 and version 149?
A 'getent passwd' as a non-root user produced a lot of LDAP output for
me in 122, but refuses to look outside of the local /etc/passwd in
149. nsswitch.conf is correctly configured for 'passwd: files ldap',
etc.
Everything works just fine as root.
I noticed that the Red Hat Linux Rawhide RPM of 149 has a dependency
on nscd, which wasn't there in the 122 package. Sure enough, since
nscd runs as root and handles the getpwnam() look-ups on behalf of my
non-root getent process, this is a useful workaround, but is there any
way to get nss_ldap 149 to do getpwnam() look-ups over LDAP for
non-root users?
I'm putting together a completely LDAPified postfix box for production
use, and don't want the e-mail for my users to start bouncing if nscd
happens to die on the box.
This isn't really a PAM question, but since nss_ldap and pam_ldap are
part of the same question and most users of pam_ldap will also be
using nss_ldap, this seemed the logical place to ask the
question. PADL's own nss_ldap mailing list is very quiet.
Thanks in advance,
Ian
--
Ian Macdonald | Satire does not look pretty upon a
Senior System Administrator | tombstone.
Linuxcare, Inc. |
Support for the Revolution |
|
