[Bug 214861] New: unnecessary, unwanted LDAP search performed
https://bugzilla.novell.com/show_bug.cgi?id=214861

Summary: unnecessary, unwanted LDAP search performed
Product: SUSE Linux 10.1
Version: Final
Platform: x86-64
OS/Version: SuSE Linux 10.1
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Basesystem
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: ivo3535@gmail.com
QAContact: qa@suse.de

Hi,

I set up SL10.1 with pam+nss ldap user authentication with yast in the standard way. Now I can see unwanted searches in the slapd logs, e.g.: sshd_conf has all keyboard password mechs disabled, UsePAM is set to no, AllowUser is set to limited users, and when I connect with sshd to this machine as user ivo I see an unwanted ldap search against the system user database stored in ldap (I suspect the nss library, because the debug option is added to pam_unix2 and there are no traces in the logs). The log is in the attachment.

The same behaviour occurs when users perform pop3s logins to cyrus, and when postfix tries to resolve the final email recipient (local user).

I already installed an SL9.2 machine with the same config, and in 9.2 there are no redundant/unexpected/untraceable ldap searches performed.

I spent some hours with it... thanks

--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.

https://bugzilla.novell.com/show_bug.cgi?id=214861

------- Comment #1 from ivo3535@gmail.com 2006-10-24 18:14 MST -------
Created an attachment (id=102511)
--> (https://bugzilla.novell.com/attachment.cgi?id=102511&action=view)
excerpt from /var/log/messages

https://bugzilla.novell.com/show_bug.cgi?id=214861

mhorvath@novell.com changed:

What       |Removed                                    |Added
----------------------------------------------------------------------------
AssignedTo |bnc-team-screening@forge.provo.novell.com  |rhafer@novell.com

https://bugzilla.novell.com/show_bug.cgi?id=214861

mhorvath@novell.com changed:

What       |Removed                                    |Added
----------------------------------------------------------------------------
Status     |NEW                                        |ASSIGNED

https://bugzilla.novell.com/show_bug.cgi?id=214861

rhafer@novell.com changed:

What       |Removed                                    |Added
----------------------------------------------------------------------------
Status     |ASSIGNED                                   |RESOLVED
Resolution |                                           |INVALID

------- Comment #2 from rhafer@novell.com 2007-01-24 03:07 MST -------
The LDAP search you are seeing is likely due to an initgroups() call that ssh and the other programs are performing. initgroups() tries to resolve all group memberships of a specific user, and as a local (/etc/passwd) user might also be a member of a non-local (in this case LDAP) group, it also searches the LDAP server.

If you want to avoid that, you can just try to add the specific users to "nss_initgroups_ignoreusers" in /etc/ldap.conf.

Since openSUSE 10.2 we already have root and ldap in "nss_initgroups_ignoreusers".
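
An added example (not part of the bug report and not nss_ldap code): a Python check that takes the text of /etc/passwd, /etc/nsswitch.conf and /etc/ldap.conf and lists the local accounts whose initgroups() call would still reach the LDAP server because they are missing from nss_initgroups_ignoreusers. The function names and the sample file contents are constructed for illustration.

```python
"""List local accounts whose initgroups() call will still query LDAP."""

def nss_sources(nsswitch_text, database):
    """Return the service names configured for one nsswitch.conf database."""
    for line in nsswitch_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(database + ":"):
            # Drop action items such as [NOTFOUND=return]; keep service names.
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []

def ignored_users(ldap_conf_text):
    """Names listed after nss_initgroups_ignoreusers (comma-separated)."""
    users = set()
    for line in ldap_conf_text.splitlines():
        parts = line.split(None, 1)
        # Assumption of this sketch: if the option is repeated, lists are merged.
        if len(parts) == 2 and parts[0] == "nss_initgroups_ignoreusers":
            users.update(u.strip() for u in parts[1].split(",") if u.strip())
    return users

def users_hitting_ldap(passwd_text, nsswitch_text, ldap_conf_text):
    """Local users for whom initgroups() would search the LDAP group tree."""
    # Current glibc consults an "initgroups" database if configured, else "group".
    sources = (nss_sources(nsswitch_text, "initgroups")
               or nss_sources(nsswitch_text, "group"))
    if "ldap" not in sources:
        return []
    skip = ignored_users(ldap_conf_text)
    names = [l.split(":", 1)[0] for l in passwd_text.splitlines()
             if l and not l.startswith(("#", "+", "-"))]
    return sorted(n for n in names if n not in skip)

# Constructed sample files (not taken from the bug report).
PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
          "ldap:x:76:70::/var/lib/ldap:/bin/false\n"
          "ivo:x:1000:100::/home/ivo:/bin/bash\n"
          "postfix:x:51:51::/var/spool/postfix:/bin/false\n")
NSSWITCH = "passwd: files ldap\ngroup:  files ldap   # groups may live in LDAP\n"
LDAP_CONF = "base dc=example,dc=com\nnss_initgroups_ignoreusers root,ldap\n"

if __name__ == "__main__":
    print(users_hitting_ldap(PASSWD, NSSWITCH, LDAP_CONF))
```

On a real host, pass the contents of the three files instead of the constructed strings; every name returned is a candidate for nss_initgroups_ignoreusers if that account is known to have no LDAP group memberships.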