Joshua, I've looked at your patch. It took a while for me to fully understand what we have working in libnss-ldap to implement 'nss_initgroups_minimum_uid'.
I have the following comments: * The concept and implementation seem like it is fine to me (I've only reviewed, not tested, though). * OKUSERS=`grep "^nss_initgroups_okusers " $CONF | tail -n 1 | awk '{print $2}')` is better (faster) written as: $1 == "nss_initgroups_okusers" { v=$2 }; END { print v }' I realize you just copied the format of 'MIN=', but both could be improved. * You should update the man page nssldap-update-ignoreusers.8 as you're adding function there. we'd like it to be documented. * It would be best if you created a debdiff (or bzr merge proposal),. that would reduce the work for someone to pick this up. Note: it seems that upstream at least still has an interest in nss_initgroups_minimum_uid (http://bugzilla.padl.com/show_bug.cgi?id=341). If we add 'nss_initgroups_okusers', via the same mechanism we're using for minimum_uid, we would need to then address merging the native support for that with our workaround. That would possibly be a bit more hairy if we also had to address nss_initgroups_okusers. ** Bug watch added: PADL Bugzilla #341 http://bugzilla.padl.com/show_bug.cgi?id=341 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/644632 Title: nssldap-update-ignoreusers needs to be configurable to ignore users -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs