Old 11-09-2006, 02:26 AM   #1
Registered: Aug 2006
Location: Shen Zhen
Distribution: Ubuntu 10.04
Posts: 198

Rep: Reputation: 33
Duplicate users in both local group and LDAP?

Hello all,

There's some trouble with using LDAP: when LDAP has accounts whose usernames are the same as local users, I found that the LDAP "admin" user is even able to control my whole system, add/delete local users, and remove volumes/RAIDs. It seems to be a serious security problem.

So, would you give me some advice on how to deal with the duplicated users in LDAP and local?

Any suggestion would be appreciated.

Kind regards,
Old 11-09-2006, 03:03 AM   #2
Registered: Sep 2004
Location: Malaysia, Johor
Distribution: Dual boot MacOS X/Ubuntu 9.10
Posts: 851

Rep: Reputation: 31
If I am not mistaken, once you use LDAP to authenticate your system, the local users won't be able to authenticate to your system anymore. As for the admin user inside LDAP having high permissions, that is probably because of your previous settings. I have not yet implemented LDAP to manage an entire enterprise, so below is only a possible reason:
- Before setting up PAM and nsswitch.conf, open one terminal and log in as root (standby)
- Use OpenLDAP + SSL for authentication (as I mentioned just now, after this local users, including root, are not able to authenticate)
- Try logging in as an LDAP user
- After you are able to log in successfully, at the terminal which you opened just now, type visudo and let admin have all permissions (at this moment, the admin user can be assumed to be the root user, because we still need a superuser)
- Or, probably the admin has uid=0 inside LDAP, which is the same as local root

So, the above is my opinion on why this is happening, and I am really not very sure yet.
The conclusion is: local users are no longer used for authentication, and the superuser 'admin' in your system is the replacement for 'root'.
Regarding security, surely you need to have a good network infrastructure like SSL, Kerberos, lv3 switch, latest patches, etc., and tight LDAP permissions and authorisation.

Am I answering your question?
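
The collision discussed in this thread, an LDAP account that shares a local user's name or carries UID 0, can be checked for by comparing the two account sources. This is an added example, not code from either poster; the sample records are constructed, the severity labels are illustrative, and the `getent -s` commands named in the comments assume an NSS `ldap` service is configured.

```python
# Added example: audit passwd-format records from two NSS sources for
# name collisions and for directory accounts that carry root's UID.
# On a live host the two inputs could come from `getent -s files passwd`
# and `getent -s ldap passwd` (assumes the NSS "ldap" service is configured).

# Constructed sample data, not taken from any real system.
LOCAL_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
admin:x:1000:1000:Local Admin:/home/admin:/bin/bash
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
"""
LDAP_PASSWD = """\
admin:x:0:0:Directory Admin:/home/admin:/bin/bash
backup:x:34:34:backup:/var/backups:/bin/sh
alice:x:20001:20001:Alice:/home/alice:/bin/bash
"""


def parse_passwd(text):
    """Return {name: (uid, gid)} from passwd(5)-style lines; skip malformed ones."""
    accounts = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) != 7 or not fields[2].isdigit() or not fields[3].isdigit():
            continue
        accounts.setdefault(fields[0], (int(fields[2]), int(fields[3])))
    return accounts


def audit(local_text, ldap_text):
    """Return sorted (severity, account, message) findings."""
    local, ldap = parse_passwd(local_text), parse_passwd(ldap_text)
    findings = []
    for name, (uid, _gid) in ldap.items():
        if uid == 0:
            findings.append(("CRITICAL", name, "LDAP account has UID 0 (root-equivalent)"))
        if name in local:
            if local[name][0] != uid:
                msg = f"name in both sources, UID differs (local {local[name][0]}, LDAP {uid})"
                findings.append(("HIGH", name, msg))
            else:
                findings.append(("INFO", name, "name in both sources, same UID"))
    return sorted(findings)


if __name__ == "__main__":
    for severity, name, message in audit(LOCAL_PASSWD, LDAP_PASSWD):
        print(f"{severity:8} {name:8} {message}")
```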


All times are GMT -5.