overwriting LDAP values locally


overwriting LDAP values locally

by AllBlack


Hi guys,

This might not be a question for this list, but I am trying my luck anyway.

Our Linux boxes use LDAP/AD authentication. This works fine and all as expected.

Now I came across the need to modify one of those values locally: I need to change the home directory. I can't change the value in LDAP as it would break on and other

I tried the following. I added to /etc/passwd

+userA:::::/home/u/userA
+userB:::::/home/u/userB

And in /etc/nsswitch.conf

passwd: compat
passwd_compat: ldap

I have to have those home directories set for SSH logins to work. When I changed it as explained above, userA and userB get in fine. The problem is now that I get a permission denied for userC. Unlike userA and userB, userC has the correct home directory in LDAP.

So fixing one thing breaks something else. In short, how can I maintain LDAP functionality and overwrite certain values in /etc/passwd?

Cheers

Guy Defryn

Systems Engineer
ITS Massey University
Palmerston North
New Zealand

 


Re: overwriting LDAP values locally

by Ralf Haferkamp

On Wednesday, 2 April 2008, Defryn, Guy wrote:

> Hi guys,
>
> This might not be a question for this list, but I am trying my luck
> anyway.
>
> Our Linux boxes use LDAP/AD authentication. This works fine and
> all as expected. Now I came across the need to modify one of those
> values locally: I need to change the home directory. I can't change
> the value in LDAP as it would break on and other
>
> I tried the following. I added to /etc/passwd
>
> +userA:::::/home/u/userA
> +userB:::::/home/u/userB
>
> And in /etc/nsswitch.conf
>
> passwd: compat
> passwd_compat: ldap
>
> I have to have those home directories set for SSH logins to work.
> When I changed it as explained above, userA and userB get in fine.
> The problem is now that I get a permission denied for userC. Unlike
> userA and userB, userC has the correct home directory in LDAP.
>
> So fixing one thing breaks something else. In short, how can I
> maintain LDAP functionality and overwrite certain values in
> /etc/passwd?
IIRC you need to add a single line with:
+::::::
at the end of /etc/passwd. Probably only the '+' is enough.

--
regards,
        Ralf Haferkamp

RE: overwriting LDAP values locally

by AllBlack

Thanks Ralf,

I managed to get it to go, before I received your reply,
by changing passwd: compat to passwd: compat ldap.

Not sure whether this is a good solution or not. Thanks for your info, it will come in handy.

Guy


Re: overwriting LDAP values locally

by Aksel Filipovic

I had the same problem, and the solution was in /etc/nsswitch.conf:
passwd:         compat ldap
group:          files ldap
shadow:         files ldap

hosts:          files dns ldap
networks:       files

protocols:      db files
services:       db files
ethers:         db files
rpc:            db files

netgroup:       nis

The compat in the passwd entry enables you to change the entries with the "+" sign.
So, for example,

+userA:::::/homeB/UserA:
would change the standard home directory provided by the LDAP server.
+UserA::::::/bin/false
would disallow user aksel to log in to the machine.

+::::::/bin/false
would disallow all users from the LDAP server, except those with a + entry, to log in to the machine.
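As an added example (not code from this thread or from nss_ldap), this Python model of glibc's compat merging reproduces the behaviour discussed above: with only the '+userA' and '+userB' lines, userC is never resolved, Ralf's trailing '+::::::' line pulls in the remaining LDAP users, and a '+name' line overrides the password, gecos, home directory and shell of the LDAP entry while uid and gid always come from LDAP. The LDAP map and the passwd strings are constructed sample data, and the field-override rule is my reading of glibc's nss_compat, not something the posters stated.

```python
"""Model of glibc nss_compat passwd merging (constructed example, not the nss_ldap code)."""
FIELDS = ("name", "passwd", "uid", "gid", "gecos", "dir", "shell")
OVERRIDABLE = ("passwd", "gecos", "dir", "shell")  # a '+' line never overrides uid or gid

# Constructed sample of what the LDAP/AD source returns through "passwd_compat: ldap"
LDAP_USERS = {
    u: dict(zip(FIELDS, [u, "*", uid, "100", u, f"/home/{u}", "/bin/bash"]))
    for u, uid in (("userA", "1001"), ("userB", "1002"), ("userC", "1003"))
}
# The poster's original /etc/passwd additions, then Ralf's catch-all line appended
GUY_PASSWD = "+userA:::::/home/u/userA\n+userB:::::/home/u/userB\n"
RALF_PASSWD = GUY_PASSWD + "+::::::\n"

def parse_line(line):
    """Split a passwd line into its 7 fields, padding short lines such as +userA:::::/home/u/userA."""
    parts = line.rstrip("\n").split(":")
    parts += [""] * (7 - len(parts))
    return dict(zip(FIELDS, parts[:7]))

def compat_lookup(passwd_text, ldap_users, name):
    """Return the merged passwd entry for `name`, or None when compat mode cannot resolve it."""
    excluded = set()
    for raw in passwd_text.splitlines():
        if not raw.strip() or raw.startswith("#"):
            continue
        entry = parse_line(raw)
        key = entry["name"]
        if key.startswith("-"):                 # '-user' blacklists that user from the remote source
            excluded.add(key[1:])
        elif key.startswith("+"):               # '+user' or a bare '+' pulls entries from LDAP
            wanted = key[1:]
            if (wanted and wanted != name) or name in excluded or name not in ldap_users:
                continue
            merged = dict(ldap_users[name])
            for field in OVERRIDABLE:           # non-empty local fields replace the LDAP values
                if entry[field]:
                    merged[field] = entry[field]
            return merged
        elif key == name:                       # ordinary local account, no LDAP involved
            return entry
    return None                                 # no '+' line reached `name`: the userC symptom

if __name__ == "__main__":
    for passwd in (GUY_PASSWD, RALF_PASSWD):
        print({u: (compat_lookup(passwd, LDAP_USERS, u) or {}).get("dir") for u in LDAP_USERS})
```

Running it prints the resolved home directory per user for both passwd variants, so the missing userC entry in the first dictionary and its appearance in the second is visible directly.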