Package: finger-ldap Version: 1.3-1 The libnss-ldap.conf configuration file can contain multiple nss_base_passwd options - finger-ldap however only reads the last one.
Example config file: base dc=example,dc=com binddn cn=admin,dc=example,dc=com rootbinddn cn=admin,dc=example,dc=com idle_timelimit 3600 pam_login_attribute uid pam_check_host_attr no pam_password exop nss_base_passwd ou=systemusers,dc=example,dc=com?one nss_base_passwd ou=users,dc=example,dc=com?one nss_base_shadow ou=systemusers,dc=example,dc=com?one nss_base_shadow ou=users,dc=example,dc=com?one nss_base_group ou=groups,dc=example,dc=com?one In this case, finger-ldap only uses ou=users,dc=example,dc=com. This feature is documented in the nss_ldap(5) manpage that ships with package libnss-ldap/251-1: nss_base_<map> <basedn?scope?filter> Specify the search base, scope and filter to be used for specific maps. (Note that map forms part of the configuration file keyword and is one of passwd, shadow, group, hosts, services, networks, protocols, rpc, ethers, netmasks, bootparams, aliases and netgroup.) The syntax of basedn and scope are the same as for the configuration file options of the same name, with the addition of being able to omit the trailing suffix of the base DN (in which case the global base DN will be appended instead). The filter is a search filter to be added to the default search filter for a specific map, such that the effective filter is the logical intersection of the two. The base DN, scope and filter are separated with literal question marks (?) as given above; this is for compatibility with the DUA configuration profile schema and the ldapprofile tool. This option may be specified multiple times. I am using finger-ldap/1.1-2 (stable), but the code indicates that the problem also exists in finger-ldap/1.3-1 (testing/unstable). Cheers, Patrick -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]