getent problems
by doitt from LinuxQuestions.org on (#4WPNJ)
I just set up my first centos 7 server. I'm using pam and netgroups to allow only a certain number of people to log into the server.
My problem is with getent. When I issue the getent passwd, I am getting a list of EVERYONE listed in the BASE (from the openldap/ldap.conf file).
I thought that getent would only return the people listed in the netgroup. I do NOT want everyone in this list to be able to log in to my server.
What's even stranger: If I remove the netgroup from /etc/passwd and do a getent passwd, I still get the same list of people.
I have nlscd, pam ldap and openldap installed. I'm using nssswtich.conf as follows:
passwd: files ldap
group: files ldap
ethers: files
netmasks: files
networks: files dns
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: files
passwd_compat: ldap
I added my netgroup to /etc/passwd: +@zvmaio::::::
When I enter "getent netgroup zvmaio" is responds with the netgroup name, none of the entries in the netgroup.
My problem is with getent. When I issue the getent passwd, I am getting a list of EVERYONE listed in the BASE (from the openldap/ldap.conf file).
I thought that getent would only return the people listed in the netgroup. I do NOT want everyone in this list to be able to log in to my server.
What's even stranger: If I remove the netgroup from /etc/passwd and do a getent passwd, I still get the same list of people.
I have nlscd, pam ldap and openldap installed. I'm using nssswtich.conf as follows:
passwd: files ldap
group: files ldap
ethers: files
netmasks: files
networks: files dns
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: files
passwd_compat: ldap
I added my netgroup to /etc/passwd: +@zvmaio::::::
When I enter "getent netgroup zvmaio" is responds with the netgroup name, none of the entries in the netgroup.