FreeBSD and LDAP users, bug or feature?

From: Joel Dahl <joel_at_vnode.se>
Date: Thu, 17 May 2012 11:49:49 +0200
Hi,

I have a machine running FreeBSD and openldap24-server, and several client
machines running FreeBSD and openldap24-client and I'm experiencing a weird
behaviour with adduser/pw. I create my LDAP users on the LDAP server, with
UIDs starting at 5001. Local users on the server and clients should start
at UID 1001, but this does not really work. If I use adduser to create a new
local user on one of the client machines, it'll automatically be assigned
with UID 5002 - which I find very confusing. This also breaks my LDAP setup,
because when I add an LDAP user on the server, it'll also get UID 5002.

Running pw usernext on one of the client machines confirms this behaviour:

root@crashbox [~] pw usernext
5002:5002

But looking inside my /etc/passwd on the same machine reveals that the next
free UID should be 1002.

So pw is obviously getting information from LDAP and tries to be friendly
and automatically gives me the next free UID from LDAP - which would make
sense if pw could create LDAP users in addition to local users, but it can't.

So right now I'm forced to check /etc/passwd on my machines each time I
add a new local user and manually use that UID whenever I run adduser or pw.
It works, but it's easy to shoot myself in the foot.

Is this intended behaviour, or a bug? Or perhaps a misconfiguration on my
part?

I can provide configuration examples from my environment, but there
really isn't much to see - I haven't made many changes besides installing
the required applications from ports (openldap, nss_ldap, pam_ldap), changed
my nsswitch.conf and a couple of files in /etc/pam.d/.

-- 
Joel
Received on Thu May 17 2012 - 07:49:54 UTC
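The post's numbers can be reproduced with a small script that looks only at a named passwd file, which is the check Joel says he now does by hand. This is an added example and not code from the post or from FreeBSD's pw; the passwd entries are constructed, and the allocation rule (highest UID already in the range, plus one) is an assumption chosen because it yields the 1002 and 5002 from the message. Run over a local /etc/passwd it gives 1002; run over the NSS-merged listing that getent passwd shows once nss_ldap is active, it gives 5002, which is exactly the confusion described above. The uid_in_use helper is the pre-adduser check that avoids assigning a UID that LDAP already owns.

```shell
#!/bin/sh
# Constructed sample data (not from a real host): a local passwd file and the
# NSS-merged view that a client sees once nss_ldap is in nsswitch.conf.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
LOCAL_PASSWD="$SAMPLE_DIR/passwd.local"
MERGED_PASSWD="$SAMPLE_DIR/passwd.merged"

cat > "$LOCAL_PASSWD" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
joel:*:1001:1001:Joel:/home/joel:/bin/sh
EOF

cat > "$MERGED_PASSWD" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
joel:*:1001:1001:Joel:/home/joel:/bin/sh
ldapuser1:*:5001:5001:LDAP user (hypothetical):/home/ldapuser1:/bin/sh
EOF

# next_uid FILE MIN MAX
# Print the next UID for a new account using a highest-plus-one rule
# (assumed policy): take the largest UID in FILE that lies in [MIN, MAX]
# and add one; if no UID in that range exists yet, start at MIN.
next_uid() {
    awk -F: -v min="$2" -v max="$3" '
        $3 >= min && $3 <= max && $3 > high { high = $3; seen = 1 }
        END { print (seen ? high + 1 : min) }' "$1"
}

# uid_in_use FILE UID
# Exit 0 if UID is already assigned in FILE, 1 otherwise. Run this against
# the NSS-merged view (getent passwd > file) before handing a UID to adduser.
uid_in_use() {
    awk -F: -v uid="$2" '$3 == uid { found = 1 } END { exit !found }' "$1"
}

echo "next local UID:  $(next_uid "$LOCAL_PASSWD" 1000 65533)"    # 1002
echo "next merged UID: $(next_uid "$MERGED_PASSWD" 1000 65533)"   # 5002
```

On a real client the merged view would come from `getent passwd`, and the local one from /etc/passwd itself; keeping the two apart is what the tool-generated default fails to do.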

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:40:27 UTC