[Classic-discuss] can't login locally without openldap running
Mikael Bak
mikael at tinysofa.org
Mon Mar 5 08:57:18 UTC 2007
On Sunday 04 March 2007 17:59, Rolf Deenen wrote:
> Hello list,
>
Hi,
> I have a tinysofa server running with all the "normal" users stored in a
> ldap directory. Accounts like "httpd", "postfix" and also "root" are
> stored locally in "shadow".
You'll also need them in /etc/passwd
> I have noticed I am unable to login locally as root when ldap is not
> running (despite root being a local account). Does anybody know how to let
> me login without ldap running? I want to tighten the security of my ldap
> directory but I am afraid I will accidentally lock myself out.
>
Maybe I don't understand your problem. You have lots of users in LDAP and some
system users in /etc/passwd and of course /etc/shadow. Why are you turning
off the LDAP service?
Perhaps you can check /etc/nsswitch.conf to see what order "files"
and "ldap" have for passwd, shadow and group. Mine looks something like this:
[snip]
passwd: files ldap
shadow: files ldap
group: files ldap
[snip]
I can't turn off the LDAP service to check what happens here because this is a
heavily loaded server and that would result in the users not being able to
access the services. Right now I don't have access to a working LDAP test environment.
> Thanks in advance,
> Rolf Deenen
>
Please tell us more about your setup.
HTH,
Mikael
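
The nsswitch.conf ordering suggested in the message above can be checked mechanically. The following is an added example, not part of the original post: the function names and both sample configurations are constructed for illustration, and "compat" is treated as a local source alongside "files".

```python
import re

DATABASES = ("passwd", "shadow", "group")
LOCAL_SOURCES = ("files", "compat")  # sources answered from /etc files

def parse_nsswitch(text):
    """Return {database: [source, ...]}, dropping comments and [STATUS=action] items."""
    result = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        db, rest = line.split(":", 1)
        rest = re.sub(r"\[[^\]]*\]", " ", rest)  # e.g. [NOTFOUND=return]
        result[db.strip()] = rest.split()
    return result

def check_local_first(text, databases=DATABASES):
    """Return findings; an empty list means a local source precedes ldap everywhere."""
    sources = parse_nsswitch(text)
    findings = []
    for db in databases:
        order = sources.get(db)
        if order is None:
            findings.append(f"{db}: no entry in file")
            continue
        local = [i for i, s in enumerate(order) if s in LOCAL_SOURCES]
        if not local:
            findings.append(f"{db}: no local source listed")
        elif "ldap" in order and order.index("ldap") < local[0]:
            findings.append(f"{db}: ldap is queried before the local source")
    return findings

# Constructed sample: the ordering quoted in the message.
GOOD = "passwd: files ldap\nshadow: files ldap\ngroup: files ldap\n"

# Constructed sample: orderings that send root lookups to LDAP first.
BAD = """\
passwd: ldap [NOTFOUND=return] files   # ldap consulted first
shadow: ldap
group: files ldap
"""

if __name__ == "__main__":
    with open("/etc/nsswitch.conf") as fh:
        for finding in check_local_first(fh.read()) or ["ok: local sources come first"]:
            print(finding)
```
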