Date: Thu, 17 May 2012 11:49:49 +0200
From: Joel Dahl <joel@vnode.se>
To: current@freebsd.org
Subject: FreeBSD and LDAP users, bug or feature?
Message-ID: <20120517094949.GK6475@goofy01.vnodelab.local>
Hi,

I have a machine running FreeBSD and openldap24-server, and several client machines running FreeBSD and openldap24-client, and I'm experiencing a weird behaviour with adduser/pw.

I create my LDAP users on the LDAP server, with UIDs starting at 5001. Local users on the server and clients should start at UID 1001, but this does not really work. If I use adduser to create a new local user on one of the client machines, it'll automatically be assigned UID 5002 - which I find very confusing. This also breaks my LDAP setup, because when I add an LDAP user on the server, it'll also get UID 5002.

Running pw usernext on one of the client machines confirms this behaviour:

    root@crashbox [~] pw usernext
    5002:5002

But looking inside my /etc/passwd on the same machine reveals that the next free UID should be 1002. So pw is obviously getting information from LDAP and tries to be friendly and automatically gives me the next free UID from LDAP - which would make sense if pw could create LDAP users in addition to local users, but it can't.

So right now I'm forced to check /etc/passwd on my machines each time I add a new local user and manually use that UID whenever I run adduser or pw. It works, but it's easy to shoot myself in the foot.

Is this intended behaviour, or a bug? Or perhaps a misconfiguration on my part? I can provide configuration examples from my environment, but there really isn't much to see - I haven't made many changes besides installing the required applications from ports (openldap, nss_ldap, pam_ldap), changed my nsswitch.conf and a couple of files in /etc/pam.d/.

-- 
Joel
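The behaviour described above, modelled as an added example (not code from the post or from FreeBSD): pw(8) picks the next UID by walking the NSS passwd database, so once nsswitch.conf lists ldap after files, LDAP accounts are counted too, while a local account only ever lands in /etc/master.passwd. The sample passwd lines are constructed, and the assumed policy is pw's default of reuseuids = no with minuid 1000 and maxuid 32000 from pw.conf(5).

```shell
#!/bin/sh
# Added example: reproduce the UID mismatch from the post with constructed data.
# pw(8) walks getpwent(3), which with "passwd: files ldap" merges in LDAP
# users; a local adduser only writes /etc/master.passwd. Default policy
# (reuseuids = no in pw.conf(5), assumed here): highest UID in range + 1.

# Constructed: what /etc/master.passwd alone holds on a client (passwd format).
LOCAL_PASSWD='root:*:0:0:Charlie &:/root:/bin/sh
joel:*:1001:1001:Joel:/home/joel:/bin/sh'

# Constructed: what "getent passwd" shows once nss_ldap is merged in.
NSS_PASSWD="$LOCAL_PASSWD
alice:*:5001:5001:LDAP user:/home/alice:/bin/sh"

# next_uid MIN MAX: read passwd-format lines on stdin, print the highest UID
# inside [MIN, MAX] plus one, or MIN when nothing in that range exists yet.
next_uid() {
    awk -F: -v min="$1" -v max="$2" '
        BEGIN { hi = -1 }
        $3 >= min && $3 <= max && $3 > hi { hi = $3; seen = 1 }
        END { print (seen ? hi + 1 : min) }'
}

# The two views, using the assumed pw.conf(5) defaults minuid=1000 maxuid=32000.
local_next() { printf '%s\n' "$LOCAL_PASSWD" | next_uid 1000 32000; }
nss_next()   { printf '%s\n' "$NSS_PASSWD"   | next_uid 1000 32000; }

# Admin check: fail when the NSS-derived UID differs from the local one, i.e.
# when a "local" adduser would silently land in the LDAP range.
check_uid_drift() {
    l=$(local_next); n=$(nss_next)
    if [ "$l" != "$n" ]; then
        echo "WARNING: pw would pick $n via NSS, but next free local UID is $l"
        return 1
    fi
    echo "OK: next UID $l"
}

if ! check_uid_drift; then
    echo "pass the UID explicitly, e.g. pw useradd -u $(local_next) ..."
fi
```

Run against a real client by replacing the two constructed variables with the output of `cat /etc/master.passwd` and `getent passwd`.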