Comment 48 for bug 155947

This workaround is only relevant if you use nss with ldap. It prevents
group lookups for the users that are provided with
nss_initgroups_ignoreusers. The list excludes users for group lookups in
LDAP, not the other way around. I think the bug is relevant to
libnss_ldap, because my system boots ok with this fix.

Sebastiaan

Bill MacAllister wrote:
> Is there any reason that this shouldn't be used on any system that
> uses libnss_ldap? Indeed, it seems that it would make sense to just
> include all the groups in the /etc/group file in this list. Am I
> missing something?
>
> Bill
>
> --On Wednesday, February 13, 2008 06:20:35 PM +0000 Sebastiaan
> Veldhuisen <email address hidden> wrote:
>
>> a workaround (working in my setup) to stop calling ldap for local system
>> users and groups:
>>
>> add this line to /etc/ldap.conf (adapt it to your setup):
>>
>> nss_initgroups_ignoreusers
>> root,root.slocate,daemon,bin,sys,sync,games,man,lp,mail,news,uucp,proxy,w
>>
>> ww-data,backup,list,irc,gnats,nobody,dhcp,syslog,klog,avah
>> i-autoipd,messagebus,avahi,cupsys,haldaemon,hplip,statd,ntp,sshd,beaglein
>>
>> dex,clamav
>>
>> with a bind policy soft.
>>
>> Hope this helps
>>
>> Sebastiaan
>
>
>
>
> +---------------------------------------------------------------------
> | Bill MacAllister <email address hidden>
> | Systems Programmer, ITS Unix Systems, Stanford University
>