[Pkg-shadow-devel] ldap support

Miek Gieben miek at miek.nl
Tue Jun 10 19:53:59 UTC 2008


[ Quoting Nicolas François in "Re: [Pkg-shadow-devel] ldap support"... ]
> Hello,
> 
> > I'm not getting this.. as you are using setpwent (for instance) you
> > should be getting the backend for free? As glibc will do the heavy
> > lifting and will update the appropriate backend?
> 
> This might be an old TODO entry (shadow used to have its own API to read
> and write in the passwd/group/shadow files).
>
> However, I never tried this. If you could try it, that would be great.

I've tried it, it didn't work :( I've put a user in ldap, the
user 'henkie'.
getent passwd
getent group

show the user. An ls -l /tmp/testfile which was set to uid:gid of
2001:2001 works:
# ls -l /tmp/testfile 
-rw-r--r-- 1 henkie henkie 0 2008-06-10 20:38 /tmp/testfile

So my ldap connection is working and libnss-pam is doing its job.

> Note: Regarding the -r option, I'm not convinced it would be really
> useful. Only passwd supports it, and only the "file" repository is
> supported currently. I would prefer to drop it from passwd.

Agreed, even without an ldap server you can still update local
passwords as libnss should fall back to using files.

> > Same goes for, chage, chsh etc.
> 
> As I don't have any LDAP setup at hand, that would be great if you could
> report if it works for these various tools.

I've tested a few, the results:

[  pw = pw_locate (user);
 isn't working properly in this case, maybe it is too clever? 
]



$ getent passwd |grep henkie
henkie:*:2001:2001:henkie:/home/henkie:/bin/bash

$ getent group |grep henkie
henkie:*:2001:

Performing this with the username 'henkie'

=== /usr/bin/chage

=== /usr/bin/chfn
Changing the user information for henkie
Enter the new value, or press ENTER for the default
        Full Name [henkie]: Testing this for ldap
        Room Number []:
        Work Phone []:
        Home Phone []:
        Other []:
chfn: henkie not found in /etc/passwd

=== /usr/bin/chsh
Changing the login shell for henkie
Enter the new value, or press ENTER for the default
        Login Shell [/bin/bash]: /bin/zsh
chsh: henkie not found in /etc/passwd

=== /usr/bin/expiry
=== /usr/bin/gpasswd

=== /usr/bin/passwd
passwd: User not known to the underlying authentication module
passwd: password unchanged



--
grtz,
 - Miek                               
 GPG Key ID: 3880 D0F6                           http://www.miek.nl/
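
The split these results show, as an added example that is not part of the original message or of shadow's code: getent resolves names through NSS, while the chfn and chsh errors above refer only to /etc/passwd. The names in_passwd_file, classify and enum source are assumptions made for illustration.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>

/* Illustrative labels (not from shadow): where an account is defined. */
enum source { SRC_NONE, SRC_FILE, SRC_NSS_ONLY };

/* Return 1 if `name` is the login field of a line in a passwd-format file. */
int in_passwd_file(const char *path, const char *name)
{
    char line[1024];
    size_t n = strlen(name);
    int found = 0, bol = 1;     /* bol: this chunk starts a new line */
    FILE *f;

    if (n == 0 || (f = fopen(path, "r")) == NULL)
        return 0;
    while (fgets(line, sizeof line, f) != NULL) {
        /* Match the whole field: "henk" must not match "henkie:". */
        if (bol && strncmp(line, name, n) == 0 && line[n] == ':') {
            found = 1;
            break;
        }
        bol = strchr(line, '\n') != NULL;   /* over-long line continues */
    }
    fclose(f);
    return found;
}

/* Check the flat file first, then ask NSS (files, LDAP, NIS, ...). */
enum source classify(const char *path, const char *name)
{
    if (in_passwd_file(path, name))
        return SRC_FILE;
    return getpwnam(name) != NULL ? SRC_NSS_ONLY : SRC_NONE;
}

int main(int argc, char **argv)
{
    static const char *label[] = {
        "unknown to both", "local file entry", "NSS backend only (e.g. LDAP)"
    };
    const char *name = argc > 1 ? argv[1] : "henkie";

    printf("%s: %s\n", name, label[classify("/etc/passwd", name)]);
    return 0;
}
```

An account reported as NSS-only is one that a tool editing /etc/passwd directly cannot change, which matches the "not found in /etc/passwd" messages above.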
