Date: Tue, 13 Mar 2007 08:42:00 +0100 (CET)
From: Gerhard Schmidt <estartu@augusta.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Subject: misc/110252: success=return aktion doesn't work in /etc/nsswitch.conf
Message-ID: <200703130742.l2D7g0PW000923@phobos.ze.tum.de>
Resent-Message-ID: <200703130820.l2D8KFu0059668@freefall.freebsd.org>

>Number:         110252
>Category:       misc
>Synopsis:       success=return aktion doesn't work in /etc/nsswitch.conf
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          open
>Quarter:
>Keywords:
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue Mar 13 08:20:14 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Gerhard Schmidt
>Release:        FreeBSD 6.2-STABLE i386
>Organization:
Augsburger Computer Forum e.V.
>Environment:
System: FreeBSD phobos.ze.tum.de 6.2-STABLE FreeBSD 6.2-STABLE #2: Thu Mar 8 15:21:55 CET 2007 root@phobos.ze.tum.de:/usr/src/sys/i386/compile/PHOBOS i386

>Description:
I have a FreeBSD server that runs an OpenLDAP server which holds the user
info for some FreeBSD systems, including itself. The user ldap is in
/etc/passwd and the group ldap is in /etc/group.

/etc/nsswitch.conf looks like the following:

	group: files [success=return] ldap
	hosts: files dns
	networks: files
	passwd: files [success=return] ldap
	shells: files

When the system boots, the bootup blocks for 2-3 minutes when starting
OpenLDAP. The log states the following:

	Mar 13 08:13:13 phobos slapd[584]: nss_ldap: could not search LDAP server - Server is unavailable

As I understand the success=return statement, ldap should never be asked
when a user or group is in the files. But it still is. And when the system
is up and running, the LDAP server is queried for every user in the files.

This is a security issue too. Every user search is sent to all sources in
nsswitch.conf.
>How-To-Repeat:
Do the setup described and do a finger on a user in /etc/passwd; you will
see a query to the LDAP server.
>Fix:
n/k
>Release-Note:
>Audit-Trail:
>Unformatted:
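
The following is an added example, not part of the original report and not FreeBSD's libc code. It models the source-and-criteria walk documented in nsswitch.conf(5) so the expected behaviour of the report's `passwd:` line can be checked; the function names and the per-source status map are assumptions made for the illustration.

```python
# Added example: models the lookup order documented in nsswitch.conf(5).
# Names (parse_line, dispatch, the status map) are assumptions, not libc code.
STATUSES = ("success", "notfound", "unavail", "tryagain")
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}


def parse_line(line):
    """Parse 'db: src [status=action ...] src' into (db, [(src, actions)])."""
    db, sep, rest = line.split("#", 1)[0].partition(":")
    if not sep:
        raise ValueError("missing ':' after database name")
    sources, in_criteria = [], False
    for tok in rest.replace("[", " [ ").replace("]", " ] ").split():
        if tok == "[":
            if not sources or in_criteria:
                raise ValueError("criteria must follow a source")
            in_criteria = True
        elif tok == "]":
            in_criteria = False
        elif in_criteria:
            status, _, action = tok.lower().partition("=")
            if status not in STATUSES or action not in ("return", "continue"):
                raise ValueError("bad criterion: " + tok)
            sources[-1][1][status] = action  # override the default action
        else:
            sources.append((tok, dict(DEFAULTS)))
    return db.strip(), sources


def dispatch(sources, status_of):
    """Walk sources in order; return (sources consulted, final status)."""
    consulted, status = [], "notfound"
    for name, actions in sources:
        status = status_of.get(name, "unavail")  # unknown source: unavailable
        consulted.append(name)
        if actions[status] == "return":
            break
    return consulted, status


if __name__ == "__main__":
    # Constructed input: the passwd line from the report, LDAP not yet started.
    _, srcs = parse_line("passwd: files [success=return] ldap")
    print(dispatch(srcs, {"files": "success", "ldap": "unavail"}))
    print(dispatch(srcs, {"files": "notfound", "ldap": "unavail"}))
```

Under this model an entry found in `files` ends the walk there, and `ldap` is reached only when `files` reports `notfound`.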