pam_group vs. multiple group lines
uspoerlein at gmail.com
Wed Aug 22 13:00:14 PDT 2007
On Wed, 22.08.2007 at 13:47:43 -0500, Scot Hetzel wrote:
> Does the following work for you:
> passwd: ldap [notfound=return] files
> group: ldap [notfound=return] files
> This sets ldap as the authoritative source for users and groups,
> unless the ldap service is down, then it will use the files for the
> source (useful when ldap server is down). This will require that you
> place all of the users/groups into the ldap server. (modified from the
> nis example in the nsswitch.conf(5) man page)
Thanks for you suggestion!
In the end, I did it the other way round, using:
passwd: files ldap
group: files [success=continue] ldap
This has the effect of "merging" the multiple group sources into one, as
can be seen here
% getent group|grep wheel
I now have to play a little bit with bootup (no LDAP present) and what
happens when LDAP goes offline, etc.
It is better to remain silent and be thought a fool,
than to speak, and remove all doubt.
More information about the freebsd-stable