Subject: | |
From: | |
Reply To: | Kinzel, David |
Date: | Mon, 9 Jan 2012 22:08:08 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=706860 should cover this.
>-----Original Message-----
>From: [log in to unmask]
>[mailto:[log in to unmask]] On
>Behalf Of CJ Keist
>Sent: Monday, January 09, 2012 2:09 PM
>To: [log in to unmask]
>Subject: Possible bug in nslcd daemon
>
>I have installed SL 6.1 On two different servers. One Installed back
>2011 in Oct I believe, and second one last December. Anyway I think I
>have run into a bug with ldap authentication.
>
>On my newer SL server looks like the ldap client cannot retrieve any
>accounts where the account name is shorter than 3 characters.
>Where as
>my older SL server can retrieve them just fine. I checked the version
>of the nslcd daemon on both servers and they are both at:
>
>nss-pam-ldapd 0.7.5
>Written by Luke Howard and Arthur de Jong.
>
>Copyright (C) 1997-2009 Luke Howard, Arthur de Jong and West Consulting
>This is free software; see the source for copying conditions.
>There is NO
>warranty; not even for MERCHANTABILITY or FITNESS FOR A
>PARTICULAR PURPOSE.
>
>But looking at the size of both the nslcd binaries, I found them to be
>of different sizes:
>
>-rwxr-xr-x. 1 root root 133560 Jan 9 09:35 nslcd (The older
>SL server)
>-rwxr-xr-x. 1 root root 138120 May 21 2011 nslcd.otw (The new
>SL server)
>
>Anyway I fixed my problem by copying the nslcd binary from the older
>server to my newer one and now it can pick up the accounts with login
>names shorter than 3 characters.
>
>Funny thing is that I could create a local user account with a 2
>character login name just fine with useradd. And getent passwd could
>pull it up just fine. But if it's on ldap server it would not see the
>account.
>
>Anyone else seen this?
>
>
>--
>C. J. Keist Email: [log in to unmask]
>Systems Group Manager Solaris 10 OS (SAI)
>Engineering Network Services Phone: 970-491-0630
>College of Engineering, CSU Fax: 970-491-5569
>Ft. Collins, CO 80523-1301
>
>All I want is a chance to prove 'Money can't buy happiness'
>
This email communication and any files transmitted with it may contain
confidential and or proprietary information and is provided for the use of the
intended recipient only. Any review, retransmission or dissemination of this
information by anyone other than the intended recipient is prohibited. If you
receive this email in error, please contact the sender and delete this
communication and any copies immediately. Thank you.
http://www.encana.com
|
|
|