From: "Alec Warner"
Date: Mon, 22 Oct 2007 08:47:04 -0700
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Slapd calls nss_ldap before opening its ports

On 10/22/07, Michael Hanselmann wrote:
> Hi
>
> On Mon, Oct 22, 2007 at 02:12:29PM +0200, Bertram Scharpf wrote:
> > Therefore I suppose the slapd daemon tries to obtain passwd/shadow
> > information for ldap via nss_ldap.
>
> Yes, it does. Therefore, use something like the following line in
> /etc/ldap.conf:
>
> nss_initgroups_ignoreusers root,ldap,cron,portage

ew, what if root is in some ldap groups? :)

But seriously while that most likely works, it's only hiding the
problem, not solving it. Do other distributions just not run ldap as an
unprivileged user? We run slapd as 'ldap' at work, but do not have this
problem (but we are not running gentoo, obviously, our libraries are old
and crufty). I know robbat2 knows more about this problem, it just seems
odd that it's only us.

-Alec

>
> Greets,
> Michael
>
> --
> http://hansmi.ch/
>
>
--
gentoo-dev@gentoo.org mailing list