Public bug reported: Binary package hint: libnss-ldap
# lsb_release -rd Description: Ubuntu 10.04.1 LTS Release: 10.04 # apt-cache policy libnss-ldap libnss-ldap: Installed: 264-2ubuntu2 Candidate: 264-2ubuntu2 Version table: *** 264-2ubuntu2 0 500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status 261-2.1ubuntu1 0 500 http://us.archive.ubuntu.com/ubuntu/ jaunty/main Packages Currently, nssldap-update-ignoreusers can only be configured to ignore users over a certain numeric UID. It blindly includes all users less than the configured UID. However, this breaks our setup. We have some system users (namely www-data and www-priv) that are in groups in LDAP. Thus, when you query the 'Subversion' group, you get back a list that includes www-priv. However, if you try to query the groups to which www-priv belongs, it fails to return the correct groups because it ignores www-priv, thus breaking privileges because the system then thinks www-priv is not in the Subversion group. The only work around for now is to disable the run of nssldap-update- ignoreusers. I would work on a patch to facilitate configuring users to *not* include in the ignore list if someone will commit to getting the patch accepted: we don't really want to maintain our own branch of one file in a package. :) ** Affects: libnss-ldap (Ubuntu) Importance: Undecided Status: New ** Tags: ldap libnss lucid -- nssldap-update-ignoreusers needs to be configurable to ignore users https://bugs.launchpad.net/bugs/644632 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libnss-ldap in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs