[CentOS] Problems with nss_ldap - where to start?

m.roth at 5-cent.us
Thu Dec 17 18:47:38 UTC 2009


> On Thu, 17 Dec 2009, Devin Reade wrote:
>
>> If you're going to be doing LDAP-based authentication on the server
>> that is running the LDAP server, watch out for this bug, which has been
>> around since at least FC5.  It's still a problem as of FC10:
>> 	<https://bugzilla.redhat.com/show_bug.cgi?id=182464>
>
> I disagree that this is a bug. It's not a problem if you configure
> ldap.conf properly. For example, using
>
> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus

Actually, if this is in a business setting, and esp. if they're in server
rooms, turn *off* avahi-daemon, and fix iptables so that there's no hole
for it.

       mark
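
An added example, not part of the original message: a small audit of the two settings discussed in this thread, reporting firewall rules that still accept mDNS (UDP 5353, the port avahi-daemon uses) and local accounts missing from `nss_initgroups_ignoreusers`. The function names, the sample rules and the extra `nscd` account are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the style of /etc/sysconfig/iptables (not from the thread).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
:RH-Firewall-1-INPUT - [0:0]
-A INPUT -j RH-Firewall-1-INPUT
-A RH-Firewall-1-INPUT -i lo -j ACCEPT
-A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# Constructed ldap.conf fragment; the last line is the one quoted in the thread.
SAMPLE_LDAP_CONF='# nss_ldap settings
base dc=example,dc=com
nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon,dbus'

# Hypothetical helper: print every rule on stdin that ACCEPTs UDP port 5353.
mdns_accept_rules() {
    awk '
        /^-A / {
            udp = 0; port = 0; accept = 0
            for (i = 1; i <= NF; i++) {
                if (($i == "-p" || $i == "--protocol") && $(i+1) == "udp") udp = 1
                if (($i == "--dport" || $i == "--destination-port") && $(i+1) == "5353") port = 1
                if (($i == "-j" || $i == "--jump") && $(i+1) == "ACCEPT") accept = 1
            }
            if (udp && port && accept) print
        }'
}

# Hypothetical helper: print each account given as an argument that is
# absent from the nss_initgroups_ignoreusers list read on stdin.
missing_ignoreusers() {
    listed=$(awk '$1 == "nss_initgroups_ignoreusers" { print $2 }' | tr ',' '\n')
    for user in "$@"; do
        printf '%s\n' "$listed" | grep -Fqx -- "$user" || printf '%s\n' "$user"
    done
}

echo "Rules still accepting mDNS:"
printf '%s\n' "$SAMPLE_RULES" | mdns_accept_rules
echo "Local accounts not in nss_initgroups_ignoreusers:"
printf '%s\n' "$SAMPLE_LDAP_CONF" | missing_ignoreusers root ldap avahi nscd
```

On a real host, feed the functions the saved firewall rules and the nss_ldap configuration file instead of the sample variables.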
