Bug#567099: nslcd complain when there are multiple cn's in a record

2010-01-28 Thread Arthur de Jong
On Wed, 2010-01-27 at 21:39 +1100, Alex Samad wrote:
> I am getting
>
> nslcd[4724]: [8d6a35] entry uid=alex,ou=People,dc=samad,dc=com,dc=au contains multiple cn values
>
> because my object has multiple cn's which is allowed for this object
> class. I was wondering if maybe the best way to handle this is to
> either take the cn from the DN, or to create multiple records one for
> each cn?

The problem with returning multiple records is that this will confuse
some applications (it is known to confuse Glibc's nscd). Also, in the
end the NSS part will only return one entry for direct name lookups
(e.g. getent passwd alex will only return one row).

For some object classes nslcd already looks at the DN to see the
preferred name (e.g. hostnames, the other entries are taken as aliases)
but for usernames I think this will only cause confusion. By default
nslcd only uses the cn attribute if the gecos attribute isn't set (and
uses the first attribute value it finds).

What is on the TODO list is to implement rate-limiting for the above
messages. Something like only log a certain complaint on a certain DN
once in 15 minutes. This however needs some more thought because for a
system with a lot of problematic entries this would result in a lot of
log messages anyway.

Anyway, thanks for your email and thanks for using nss-pam-ldapd.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
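
The rate-limiting idea from the message above (log a given complaint about a given DN at most once in 15 minutes), sketched in C as an added example; it is not code from nss-pam-ldapd. The name `should_log`, the table size and the global per-window budget are assumptions; the budget is one possible answer to the concern about systems with many problematic entries.

```c
#include <stdint.h>
#include <stdio.h>
#include <time.h>

#define WINDOW_SECS (15 * 60) /* "once in 15 minutes" from the message above */
#define SLOTS 1024            /* assumed table size, keeps memory bounded */
#define GLOBAL_BUDGET 100     /* assumed cap on complaints logged per window */

static struct slot { uint64_t key; time_t last; } table[SLOTS];
static time_t window_start;
static unsigned window_count;

/* FNV-1a step over a string, including its NUL terminator as a separator */
static uint64_t fnv1a(uint64_t h, const char *s)
{
  do h = (h ^ (unsigned char)*s) * 1099511628211ULL; while (*s++);
  return h;
}

/* Returns 1 if the complaint should be logged now, 0 if it is suppressed. */
int should_log(const char *dn, const char *complaint, time_t now)
{
  uint64_t key = fnv1a(fnv1a(1469598103934665603ULL, dn), complaint);
  struct slot *s = &table[key % SLOTS];
  if (s->key == key && now - s->last < WINDOW_SECS)
    return 0;                   /* this DN + complaint was logged recently */
  if (now - window_start >= WINDOW_SECS) {
    window_start = now;         /* start a new global window */
    window_count = 0;
  }
  if (window_count >= GLOBAL_BUDGET)
    return 0;                   /* many problematic entries: cap the total */
  window_count++;
  s->key = key;                 /* a colliding older entry is overwritten */
  s->last = now;
  return 1;
}

int main(void)
{
  const char *dn = "uid=alex,ou=People,dc=samad,dc=com,dc=au"; /* DN from the report */
  time_t t = time(NULL);
  int first = should_log(dn, "multiple cn values", t);
  int again = should_log(dn, "multiple cn values", t + 60);
  printf("first=%d again=%d\n", first, again);
  return 0;
}
```

A suppressed complaint is dropped rather than counted, so a deployment that relies on these messages for auditing would want a periodic "N messages suppressed" summary as well.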




Bug#567099: nslcd complain when there are multiple cn's in a record

2010-01-28 Thread Alex Samad
On Thu, Jan 28, 2010 at 09:37:07PM +0100, Arthur de Jong wrote:
> On Wed, 2010-01-27 at 21:39 +1100, Alex Samad wrote:
> > I am getting
> >
> > nslcd[4724]: [8d6a35] entry uid=alex,ou=People,dc=samad,dc=com,dc=au contains multiple cn values
> >
> > because my object has multiple cn's which is allowed for this object
> > class. I was wondering if maybe the best way to handle this is to
> > either take the cn from the DN, or to create multiple records one for
> > each cn?
>
> The problem with returning multiple records is that this will confuse
> some applications (it is known to confuse Glibc's nscd). Also, in the
> end the NSS part will only return one entry for direct name lookups
> (e.g. getent passwd alex will only return one row).

Yeah I thought as much 

 
> For some object classes nslcd already looks at the DN to see the
> preferred name (e.g. hostnames, the other entries are taken as aliases)
> but for usernames I think this will only cause confusion. By default
> nslcd only uses the cn attribute if the gecos attribute isn't set (and
> uses the first attribute value it finds).

the order though is arbitrary but I guess that's the best that can be done

 
> What is on the TODO list is to implement rate-limiting for the above
> messages. Something like only log a certain complaint on a certain DN
> once in 15 minutes. This however needs some more thought because for a
> system with a lot of problematic entries this would result in a lot of
> log messages anyway.

or maybe a flag to turn it off ?

 
> Anyway, thanks for your email and thanks for using nss-pam-ldapd.

cool package - better than the other one :)
 



-- 
BOFH excuse #85:

Windows 95 undocumented feature




Bug#567099: nslcd complain when there are multiple cn's in a record

2010-01-27 Thread Alex Samad
Package: nslcd
Version: 0.7.2
Severity: minor

Hi

I am getting

nslcd[4724]: [8d6a35] entry uid=alex,ou=People,dc=samad,dc=com,dc=au contains multiple cn values

because my object has multiple cn's which is allowed for this object class. I
was wondering if maybe the best way to handle this is to either take the cn
from the DN, or to create multiple records one for each cn?

Thanks
alex


-- System Information:
Debian Release: squeeze/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (100, 'unstable'), (50, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_AU.UTF-8, LC_CTYPE=en_AU.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages nslcd depends on:
ii  adduser                3.112             add and remove users and groups
ii  debconf [debconf-2.0]  1.5.28            Debian configuration management sy
ii  libc6                  2.10.2-2          GNU C Library: Shared libraries
ii  libgssapi-krb5-2       1.8+dfsg~alpha1-4 MIT Kerberos runtime libraries - k
ii  libldap-2.4-2          2.4.17-2.1        OpenLDAP libraries

Versions of packages nslcd recommends:
ii  libnss-ldapd  0.7.2     NSS module for using LDAP as a nam
ii  libpam-ldapd  0.7.2     PAM module for using LDAP as an au
ii  nscd          2.10.2-2  GNU C Library: Name Service Cache

nslcd suggests no packages.

-- debconf information excluded


