Bug 592488 - getent returns the login shell of the users even though the remote LDAP server has no such entry.
Summary: getent returns the login shell of the users even though the remote LDAP serve...
Keywords:
Status: CLOSED DUPLICATE of bug 592965
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: nss-pam-ldapd
Version: 6.0
Hardware: All
OS: Linux
low
medium
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE Security Team
URL:
Whiteboard:
Depends On: 592411 592965
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-05-14 22:18 UTC by Nalin Dahyabhai
Modified: 2010-05-17 14:51 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 592411
Environment:
Last Closed: 2010-05-17 14:51:42 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Nalin Dahyabhai 2010-05-14 22:18:55 UTC
+++ This bug was initially created as a clone of Bug #592411 +++

Description of problem:
getent returns the login shell of the users (puser1 & puser2 in this case) even though the remote LDAP server has no such entry.

Version-Release number of selected component (if applicable):
nss-pam-ldapd-0.7.3-1.el6.x86_64

How reproducible:


Steps to Reproduce:

1. Make sure there exists no "loginshell" attribute for the users on the ldap server.

2. Configure /etc/nslcd.conf:
# cat /etc/nslcd.conf
uid nslcd
gid ldap
uri ldaps://shanksldap.idm.lab.bos.redhat.com:636
base dc=example,dc=com
tls_cacertdir /etc/openldap/cacerts

3. getent -s ldap passwd. Observe that the loginshell is returned for puser1 and puser2.

Actual results:

/# /usr/bin/ldapsearch -x -h shanksldap.idm.lab.bos.redhat.com -p 389 -D "cn=Directory Manager" -w Secret123 -b "uid=puser1,ou=People,dc=example,dc=com"
# extended LDIF
#
# LDAPv3
# base <uid=puser1,ou=People,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# puser1, People, example.com
dn: uid=puser1,ou=People,dc=example,dc=com
uidNumber: 1001
gidNumber: 1001
objectClass: top
objectClass: posixAccount
uid: puser1
cn: Posix User1
homeDirectory: /export/puser1
userPassword:: e1NTSEF9ZVRKdWZxNWJtS0Q4SGVON01EZ0JuYzB0cUdzQWluUGlOZzM5TUE9PQ=
 =



# getent -s ldap passwd 
shanks:*:1010:1010:shanks:/home/shanks:/bin/bash
sssd:*:5000:5000:SSSD:/home/sssd:/bin/bash
puser1:*:1001:1001:Posix User1:/export/puser1:/bin/bash  <===========
puser2:*:1002:1002:Posix User2:/export/puser2:/bin/bash  <===========
puser3:*:999:999:Posix User3:/export/puser3:/bin/bash


Expected results:

Should not return missing attributes.

Additional info:

Comment 1 RHEL Program Management 2010-05-14 22:25:11 UTC
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux major release.  Product Management has requested further
review of this request by Red Hat Engineering, for potential inclusion in a Red
Hat Enterprise Linux Major release.  This request is not yet committed for
inclusion.

Comment 2 Nalin Dahyabhai 2010-05-17 14:51:42 UTC

*** This bug has been marked as a duplicate of bug 592965 ***


Note You need to log in before you can comment on or make changes to this bug.