Date: Mon, 9 Jan 2012 15:25:20 -0700
Thank you for the link. The hot fix worked! Though I am concerned
with the remark "though this is relaxed a bit in subsequent
versions to a minimum of two." We allow for single character login
names.

On 1/9/12 3:08 PM, Kinzel, David wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=706860 should cover this.
>
>> -----Original Message-----
>> From: [log in to unmask]
>> [mailto:[log in to unmask]] On
>> Behalf Of CJ Keist
>> Sent: Monday, January 09, 2012 2:09 PM
>> To: [log in to unmask]
>> Subject: Possible bug in nslcd daemon
>>
>> I have installed SL 6.1 on two different servers. One was installed back
>> in Oct 2011, I believe, and the second one last December. Anyway, I think I
>> have run into a bug with ldap authentication.
>>
>> On my newer SL server it looks like the ldap client cannot retrieve any
>> accounts where the account name is shorter than 3 characters, whereas
>> my older SL server can retrieve them just fine. I checked the version
>> of the nslcd daemon on both servers and they are both at:
>>
>> nss-pam-ldapd 0.7.5
>> Written by Luke Howard and Arthur de Jong.
>>
>> Copyright (C) 1997-2009 Luke Howard, Arthur de Jong and West Consulting
>> This is free software; see the source for copying conditions.
>> There is NO
>> warranty; not even for MERCHANTABILITY or FITNESS FOR A
>> PARTICULAR PURPOSE.
>>
>> But looking at the size of both the nslcd binaries, I found them to be
>> of different sizes:
>>
>> -rwxr-xr-x. 1 root root 133560 Jan 9 09:35 nslcd (The older
>> SL server)
>> -rwxr-xr-x. 1 root root 138120 May 21 2011 nslcd.otw (The new
>> SL server)
>>
>> Anyway I fixed my problem by copying the nslcd binary from the older
>> server to my newer one and now it can pick up the accounts with login
>> names shorter than 3 characters.
>>
>> Funny thing is that I could create a local user account with a 2
>> character login name just fine with useradd. And getent passwd could
>> pull it up just fine. But if it's on ldap server it would not see the
>> account.
>>
>> Anyone else seen this?
>>
>>
>> --
>> C. J. Keist Email: [log in to unmask]
>> Systems Group Manager Solaris 10 OS (SAI)
>> Engineering Network Services Phone: 970-491-0630
>> College of Engineering, CSU Fax: 970-491-5569
>> Ft. Collins, CO 80523-1301
>>
>> All I want is a chance to prove 'Money can't buy happiness'
>>
>
--
C. J. Keist Email: [log in to unmask]
Systems Group Manager Solaris 10 OS (SAI)
Engineering Network Services Phone: 970-491-0630
College of Engineering, CSU Fax: 970-491-5569
Ft. Collins, CO 80523-1301
All I want is a chance to prove 'Money can't buy happiness'