** Changed in: libnss-ldap (Ubuntu)
Assignee: Nigel Babu (nigelbabu) = (unassigned)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/644632
Title:
nssldap-update-ignoreusers
TEST CASE (based on comment #84 from bug #155947):
1. apt-get install ldap-auth-client # pulls in libnss-ldap
2. configure ldap to use (via debconf):
ldap://127.0.0.1/
root requires a password: 'no'
everything else defaults
3. verify on fresh install nss_initgroups_ignoreusers is not present:
$
Based on the above test case, NAK on the current patch. It has a
trailing ')' in the OKUSERS line, does not output the correct
'nss_initgroups_ignoreusers' line (ie, uucp and www-data are still
listed) and the man page has not been updated.
--
You received this bug notification because you are a
@Scott: NAK on your suggestion as it is currently incomplete. I'd be
much more comfortable using the current syntax right before optimizing
for speed anyway.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in Ubuntu.
The problem with the patch as written is that while 'users' gets updated
correctly with this line:
users=`awk -v min=$MIN -v okuser=$OKUSERS -F:
'BEGIN{split(okuser,a,/,/);for (i in a) b[a[i]]} ($3 min) !($1 in
b){printf %s%s,s,$1;s=,}' /etc/passwd`
'users' is immediately updated after this
sorry for mis-pasting.
OKUSERS=`awk -v vname=nss_initgroups_okusers '$1 == vname { v=$2 }; END { print
v }' ${CONF}`
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/644632
Title:
So in talking with Scott on irc, he brought up an important point-- it
is undesirable to add the additional nss_initgroups_okusers option if
upstream actually implements
nss_initgroups_ignoreusers/nss_initgroups_minimum_uid in nss-ldap proper
(see upstream bug
Unsubscribing ubuntu-sponsors for now. Feel free to resubscribe when
there is feedback from upstream and a debdiff (or patch for nssldap-
update-ignoreusers and nssldap-update-ignoreusers.8) is attached.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which
** Tags added: patch
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in Ubuntu.
https://bugs.launchpad.net/bugs/644632
Title:
nssldap-update-ignoreusers needs to be configurable to ignore users
--
Ubuntu-server-bugs
Filed.
http://bugzilla.padl.com/show_bug.cgi?id=432
** Bug watch added: PADL Bugzilla #432
http://bugzilla.padl.com/show_bug.cgi?id=432
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap in Ubuntu.
Joshua,
I've looked at your patch. It took a while for me to fully understand what
we have working in libnss-ldap to implement 'nss_initgroups_minimum_uid'.
I have the following comments:
* The concept and implementation seem like it is fine to me (I've only
reviewed, not tested, though).
bah. 'is better (faster) written as: should have said:
OKUSERS=`awk -v vname=nss_initgroups_okusers '$1 == vname { v=$2 }; END {
print v }'`
rather than
$1 == nss_initgroups_okusers { v=$2 }; END { print v }'
--
You received this bug notification because you are a member of Ubuntu
Server
** Changed in: libnss-ldap (Ubuntu)
Assignee: (unassigned) = Nigel Babu (nigelbabu)
--
nssldap-update-ignoreusers needs to be configurable to ignore users
https://bugs.launchpad.net/bugs/644632
You received this bug notification because you are a member of Ubuntu
Server Team, which is
OK, so rolling around some ideas on how to handle this. One simple way,
one somewhat complex, but kind of neat, way.
Method 1:
Use a config file for nssldap-update-ignoreusers. Probably
/etc/default/nssldap-update-ignoreusers. Have a single line something like:
So, here is the patch.
You add a line in /etc/ldap.conf of the form:
nss_initgroups_okusers user1,user2
Thanks to pgas on #awk for help with the awk syntax and best practices.
Comments/critique welcome.
** Patch added: Patch to add OK users functionality.
** Changed in: libnss-ldap (Ubuntu)
Importance: Undecided = Low
--
nssldap-update-ignoreusers needs to be configurable to ignore users
https://bugs.launchpad.net/bugs/644632
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libnss-ldap
Mathias -
OK, I know not every bug can be High, but can you explain why a bug
that breaks permissions has been classified as Low?
Not trolling, just curious.
--
nssldap-update-ignoreusers needs to be configurable to ignore users
https://bugs.launchpad.net/bugs/644632
You received this bug
17 matches
Mail list logo