You MUST give more information about your system, configs, etc. if you
want an answer.
I supose that you have an openldap server acting as a user account
store, and it's allowing the users of ldap to log in the system. So if
you do a getent passwd you will get all users from the server
(local+ldap).
Logging as root gives you all the privileges (uid 0), and if you don't
uninstall su I think that you will not be able to do what you want.
Root user must be only logged by the root.
I also think that this is not an ldap question.
2009/3/23 Marcelo Gomes <marmitsbr@yahoo.com.br>:
Hi!
In my network, when some client do login as root (local) he can
type "su -l" and be all another user from ldap.
How can i block this ?
thanks
Marcelo Gomes