Package: finger-ldap
Version: 1.3-1
The libnss-ldap.conf configuration file can contain multiple nss_base_passwd
options - finger-ldap
however only reads the last one.
Example config file:
base dc=example,dc=com
binddn cn=admin,dc=example,dc=com
rootbinddn cn=admin,dc=example,dc=com
idle_timelimit 3600
pam_login_attribute uid
pam_check_host_attr no
pam_password exop
nss_base_passwd ou=systemusers,dc=example,dc=com?one
nss_base_passwd ou=users,dc=example,dc=com?one
nss_base_shadow ou=systemusers,dc=example,dc=com?one
nss_base_shadow ou=users,dc=example,dc=com?one
nss_base_group ou=groups,dc=example,dc=com?one
In this case, finger-ldap only uses ou=users,dc=example,dc=com.
This feature is documented in the nss_ldap(5) manpage that ships with package
libnss-ldap/251-1:
nss_base_<map> <basedn?scope?filter>
Specify the search base, scope and filter to be used for specific
maps. (Note that map
forms part of the configuration file keyword and is one of passwd, shadow,
group, hosts, services,
networks, protocols, rpc, ethers, netmasks, bootparams, aliases and netgroup.)
The syntax of basedn
and scope are the same as for the configuration file options of the same name,
with the addition
of being able to omit the trailing suffix of the base DN (in which case
the global base DN
will be appended instead). The filter is a search filter to be added to the
default search filter
for a specific map, such that the effective filter is the logical intersection
of the two. The base
DN, scope and filter are separated with literal question marks (?) as given
above; this is for
compatibility with the DUA configuration profile schema and the ldapprofile
tool. This option may be
specified multiple times.
I am using finger-ldap/1.1-2 (stable), but the code indicates that the problem
also exists in
finger-ldap/1.3-1 (testing/unstable).
Cheers,
Patrick
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
