Date: Wed, 22 Aug 2007 22:00:05 +0200
From: Ulrich Spoerlein <uspoerlein@gmail.com>
To: Scot Hetzel <swhetzel@gmail.com>
Cc: freebsd-stable@freebsd.org
Subject: Re: pam_group vs. multiple group lines
Message-ID: <20070822200005.GC1426@roadrunner.spoerlein.net>
In-Reply-To: <790a9fff0708221147u40104228k5ff7e08180dd5b41@mail.gmail.com>
References: <20070821195043.GA1464@roadrunner.spoerlein.net> <A77859AB-FF17-4FBA-8B2C-462B129D84A3@mac.com> <64A1102C-0697-4C4D-AF3B-B1F2ED224792@yahoo.co.uk> <1D83A750-03FD-49EF-B99D-BA9B7F7E7BD0@mac.com> <7ad7ddd90708220053k147f4c5cq87430a4ee897180d@mail.gmail.com> <20070822082840.GB74165@hugo10.ka.punkt.de> <20070822172212.GB1426@roadrunner.spoerlein.net> <790a9fff0708221147u40104228k5ff7e08180dd5b41@mail.gmail.com>

On Wed, 22.08.2007 at 13:47:43 -0500, Scot Hetzel wrote:
> Does the following work for you:
>
> passwd: ldap [notfound=return] files
> group: ldap [notfound=return] files
>
> This sets ldap as the authoritative source for users and groups,
> unless the ldap service is down, then it will use the files for the
> source (useful when ldap server is down). This will require that you
> place all of the users/groups into the ldap server. (modified from the
> nis example in the nsswitch.conf(5) man page)

Thanks for your suggestion! In the end, I did it the other way round,
using:

passwd: files ldap
group: files [success=continue] ldap

This has the effect of "merging" the multiple group sources into one, as
can be seen here

% getent group|grep wheel
wheel:*:0:root,us

I now have to play a little bit with bootup (no LDAP present) and what
happens when LDAP goes offline, etc.

Thanks again!

Cheers,
Ulrich Spoerlein
-- 
It is better to remain silent and be thought a fool, than to speak, and
remove all doubt.
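
The following is an added example, not part of the original message: with the group sources merged as described above, the directory can add members to locally defined groups such as wheel, so this check lists every member that appears in the merged view but not in the local group file. The names extra_members and demo are hypothetical, and the group lines in demo are constructed sample data modeled on the getent output shown in the message.

```shell
#!/bin/sh
# extra_members LOCAL MERGED
#   LOCAL  : a group(5) file, e.g. a copy of /etc/group
#   MERGED : saved output of "getent group" (files + ldap view)
# Prints "group:member" for each member of a locally defined group
# that is only present in the merged view.
extra_members() {
    awk -F: '
        /^#/ { next }                      # skip comment lines
        FILENAME == ARGV[1] {              # local file: record pairs
            defined[$1] = 1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") localmem[$1 SUBSEP m[i]] = 1
            next
        }
        ($1 in defined) {                  # merged view, local groups only
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                key = $1 SUBSEP m[i]
                if (m[i] != "" && !(key in localmem) && !(key in seen)) {
                    seen[key] = 1          # report each pair once, even if
                    print $1 ":" m[i]      # the group shows up on two lines
                }
            }
        }
    ' "$1" "$2"
}

# Constructed sample: local file has wheel with root only; the merged
# view adds "us" to wheel and carries a directory-only group "staff".
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'wheel:*:0:root' 'operator:*:5:root' > "$d/local"
    printf '%s\n' 'wheel:*:0:root,us' 'operator:*:5:root' \
        'staff:*:20:us' > "$d/merged"
    extra_members "$d/local" "$d/merged"
    rm -rf "$d"
}

demo
```

On a live system the second argument would be the saved output of `getent group` and the first the local group file.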