On Wed, 2010-01-27 at 21:39 +1100, Alex Samad wrote:
> I am getting
> 
> nslcd[4724]: [8d6a35] entry uid=alex,ou=People,dc=samad,dc=com,dc=au contains 
> multiple cn values
> 
> because my object has multiple cn's which is allowed for this object
> class. I was wondering if maybe the best way to handle this is to
> either take the cn from the DN, or to create multiple records one for
> each cn ?

The problem with returning multiple records is that this will confuse
some applications (it is known to confuse Glibc's nscd). Also, in the
end the NSS part will only return one entry for direct name lookups
(e.g. getent passwd alex will only return one row).

For some object classes nslcd already looks at the DN to see the
preferred name (e.g. hostnames, the other entries are taken as aliases)
but for usernames I think this will only cause confusion. By default
nslcd only uses the cn attribute if the gecos attribute isn't set (and
uses the first attribute value it finds).

What is on the TODO list is to implement rate-limiting for the above
messages. Something like only log a certain complaint on a certain DN
once in 15 minutes. This however needs some more thought because for a
system with a lot of problematic entries this would result in a lot of
log messages anyway.

Anyway, thanks for your email and thanks for using nss-pam-ldapd.

-- 
-- arthur - adej...@debian.org - http://people.debian.org/~adejong --
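
The rate-limiting idea from the message above, sketched as an added example (this is not nss-pam-ldapd code and does not come from the message's author). The function names, the fixed table size and the global per-window budget are assumptions; the budget is one way to bound total log volume when many entries are problematic.

```c
#include <stdint.h>
#include <time.h>

#define WINDOW_SECS (15 * 60) /* "once in 15 minutes", from the message */
#define SLOTS 64              /* assumed: fixed table size, bounds memory */
#define GLOBAL_BUDGET 20      /* assumed: max complaints logged per window */

struct slot { uint64_t key; time_t last; };
static struct slot table[SLOTS];
static time_t window_start;
static unsigned window_logged, window_suppressed;

/* FNV-1a over dn, separator, complaint: same complaint on another DN differs */
static uint64_t key_of(const char *dn, const char *complaint)
{
  uint64_t h = 14695981039346656037ULL;
  const char *parts[2] = { dn, complaint };
  for (int i = 0; i < 2; i++) {
    for (const unsigned char *p = (const unsigned char *)parts[i]; *p; p++)
      h = (h ^ *p) * 1099511628211ULL;
    h *= 1099511628211ULL; /* mixes in a zero byte as separator */
  }
  return h ? h : 1; /* 0 is reserved for an empty slot */
}

/* Returns 1 if the caller should log, 0 if the message is suppressed. */
int ratelimit_should_log(const char *dn, const char *complaint, time_t now)
{
  uint64_t k = key_of(dn, complaint);
  struct slot *s = &table[k % SLOTS];
  if (now - window_start >= WINDOW_SECS) { /* start a new global window */
    window_start = now;
    window_logged = window_suppressed = 0;
  }
  if (s->key == k && now - s->last < WINDOW_SECS) {
    window_suppressed++;
    return 0; /* same DN and complaint already logged recently */
  }
  if (window_logged >= GLOBAL_BUDGET) {
    window_suppressed++;
    return 0; /* many distinct bad entries: cap the total volume */
  }
  s->key = k; /* an older entry hashing to this slot is evicted */
  s->last = now;
  window_logged++;
  return 1;
}

/* Number of messages dropped in the current window, for a summary line. */
unsigned ratelimit_suppressed(void) { return window_suppressed; }
```

Eviction on a slot collision means a repeated complaint can occasionally be logged again early; that trades exactness for constant memory.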
