[Bug 423252] Re: NSS using LDAP+SSL breaks setuid applications like su, sudo, apache2 suexec, and atd
Arthur de Jong
adejong at debian.org
Mon Apr 30 19:19:55 UTC 2012
You can replace "pam_check_host_attr yes" with

  pam_authz_search (&(objectClass=posixAccount)(uid=$username)(|(host=$hostname)(host=$fqdn)(host=\\*)))

See the nslcd.conf manual page for more details (the 0.7 series doesn't have the fqdn value yet).

Btw, you can use libpam-ldap fine together with libnss-ldapd if you
prefer.

Also note that nslcd is no replacement for nscd. nslcd doesn't do much
caching and nscd (or unscd) can still be used to reduce the load on your
LDAP server.

The only real things that are missing in nss-pam-ldapd are nested groups
and LDAP password policies. Patches are welcome ;)
https://bugs.launchpad.net/bugs/423252
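The pam_authz_search filter quoted in the message above can be dry-run against directory data before it replaces pam_check_host_attr. The following is an added example, not part of the original message and not nslcd code: it expands the filter's variables and models which accounts the filter would admit on a given host. The entries, the host names and the RFC 4515 escaping of substituted values are assumptions of this sketch.

```python
from string import Template

# Filter exactly as it would appear in nslcd.conf (from the message above).
FILTER = Template(r"(&(objectClass=posixAccount)(uid=$username)"
                  r"(|(host=$hostname)(host=$fqdn)(host=\\*)))")

def ldap_escape(value):
    """Escape filter metacharacters (RFC 4515) so a value is matched literally."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)

def expand_filter(username, hostname, fqdn):
    """Return the search filter for one login attempt on one host."""
    return FILTER.substitute(username=ldap_escape(username),
                             hostname=ldap_escape(hostname),
                             fqdn=ldap_escape(fqdn))

def is_authorized(entry, username, hostname, fqdn):
    """Model of the filter: posixAccount, matching uid, and a host value equal
    to the short name, the FQDN, or the literal "*" (any host)."""
    def has(attr, wanted):
        return wanted.lower() in (v.lower() for v in entry.get(attr, []))
    return (has("objectClass", "posixAccount")
            and has("uid", username)
            and any(has("host", h) for h in (hostname, fqdn, "*")))

# Constructed sample entries (hypothetical users and hosts).
ENTRIES = {
    "alice": {"objectClass": ["posixAccount"], "uid": ["alice"],
              "host": ["web01.example.org"]},
    "bob":   {"objectClass": ["posixAccount"], "uid": ["bob"], "host": ["*"]},
    "carol": {"objectClass": ["posixAccount"], "uid": ["carol"], "host": ["db01"]},
    "dave":  {"objectClass": ["posixAccount"], "uid": ["dave"]},  # no host attribute
}

def authorized_users(entries, hostname, fqdn):
    """List the accounts that would pass the authorization search on this host."""
    return [name for name, entry in entries.items()
            if is_authorized(entry, name, hostname, fqdn)]

if __name__ == "__main__":
    print(expand_filter("alice", "web01", "web01.example.org"))
    print(authorized_users(ENTRIES, "web01", "web01.example.org"))
```

An account with no host attribute at all (dave in the sample data) is denied everywhere under this filter, which is worth checking in the directory before the change is rolled out.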