[cups.general] CUPS, LDAP and user groups
Michael R Sweet
msweet at apple.com
Wed Oct 22 20:21:26 PDT 2008
Dmitry wrote:
>> Dmitry wrote:
>>> ...
>>> But the question is -- how to make CUPS check users and groups against LDAP and not only against local files?
>> As long as nsswitch.conf points the passwd and group files to LDAP,
>
>> CUPS uses PAM when available for Basic authentication. The
>> /etc/pam.d/cups file defines the auth modules to use on Linux.
>>
>
>
> Ah! I have found the origin of the problem.
>
> In my case CUPS authenticates users against LDAP (that's how my PAM is configured), BUT it looks for user groups in 'group' file, because NSS is configured this way:
>
> ----------------nsswitch.conf---------------------------
> passwd: files ldap
> group: files ldap
> shadow: files ldap
> --------------------------------------------------------
>
> So it checks the user groups in local files and doesn't want to look into LDAP (so CUPS takes first result which is negative in my case).
>
> Is it possible to tell CUPS to look into LDAP anyway WHITHOUT rewriting nsswitch.conf?
No, because we depend on the POSIX APIs to lookup the groups.
--
______________________________________________________________________
Michael R Sweet Senior Printing System Engineer
More information about the cups
mailing list