
local users searched in LDAP


I found that my RH9 Linux client searches for local accounts (i.e. root) in my
RH9 OpenLDAP server even if the required information was found in
/etc/passwd and /etc/group. My nsswitch.conf says:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

My /etc/pam.d/system-auth file (with the patch found on RH bugzilla applied,
making local logins possible even if the LDAP server is down):

auth        required      /lib/security/$ISA/pam_env.so
auth        sufficient    /lib/security/$ISA/pam_unix.so likeauth nullok
auth        sufficient    /lib/security/$ISA/pam_ldap.so use_first_pass
auth        required      /lib/security/$ISA/pam_deny.so

account     sufficient      /lib/security/$ISA/pam_unix.so
account     sufficient      /lib/security/$ISA/pam_ldap.so

password    required      /lib/security/$ISA/pam_cracklib.so retry=3 type=
password    sufficient    /lib/security/$ISA/pam_unix.so nullok use_authtok md5 shadow
password    sufficient    /lib/security/$ISA/pam_ldap.so use_authtok
password    required      /lib/security/$ISA/pam_deny.so

session     required      /lib/security/$ISA/pam_limits.so
session     optional      /lib/security/$ISA/pam_unix.so
session     optional      /lib/security/$ISA/pam_ldap.so

I'd like to prevent my client from searching for local users in LDAP if they
were found locally.

I've searched through this mailing list, among others, without finding a
solution. Is there any workaround for this problem (in nss_ldap?)?

Thank you.
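
Added example, not part of the original post: a small model of glibc's documented rules for walking an nsswitch.conf source list during a single by-name lookup, run over the three database lines quoted in the message. The function names, the per-source statuses passed to `lookup`, and the LDAP-only account case are constructed for illustration; the model covers by-name lookups only, not enumeration or group-list initialisation.

```python
import re

# glibc's documented default per source: stop on SUCCESS, otherwise continue.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

# The three database lines quoted in the post.
POST_CONF = """\
passwd:     files ldap
shadow:     files ldap
group:      files ldap
"""

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]}."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        db, spec = line.split(":", 1)
        chain = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", spec):
            if not tok.startswith("["):
                chain.append((tok, dict(DEFAULTS)))   # new source, default actions
                continue
            if not chain:
                raise ValueError("action list before any source: " + line)
            for item in tok[1:-1].split():            # e.g. NOTFOUND=return
                status, action = item.split("=", 1)
                negate = status.startswith("!")       # !STATUS = every other status
                status = status.lstrip("!").upper()
                if status not in DEFAULTS:
                    raise ValueError("unknown status: " + item)
                for s in DEFAULTS:
                    if (s != status) == negate:
                        chain[-1][1][s] = action.lower()
        conf[db.strip()] = chain
    return conf

def lookup(chain, results):
    """Walk one by-name lookup; results maps source -> status it would report
    (constructed input). Returns (final_status, sources_consulted)."""
    status, consulted = "UNAVAIL", []
    for source, actions in chain:
        status = results.get(source, "UNAVAIL")
        consulted.append(source)
        if actions[status] == "return":
            break
    return status, consulted
```

With the posted `files ldap` lines, an account that `files` resolves ends the walk there, while an account missing from `files` falls through to `ldap`. Parsing `passwd: files [NOTFOUND=return] ldap` instead shows that this action would also cut off accounts that exist only in LDAP.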