At some point, this started working again after a dist-upgrade, so nss_initgroups_ignoreusers is working for me.
The only thing I've done on top of that for house keeping purposes, is to modify the init script to remove the ignoreusers line on system start (the configs are controlled vi puppet, and the file will keep changing otherwise).
For anyone else with a similar issue, I'm using this:
At some point, this started working again after a dist-upgrade, so nss_initgroups_ ignoreusers is working for me.
The only thing I've done on top of that for house keeping purposes, is to modify the init script to remove the ignoreusers line on system start (the configs are controlled vi puppet, and the file will keep changing otherwise).
For anyone else with a similar issue, I'm using this:
~~~~~~~ ~~~~~~~ ~~~~~~~ ~~~~~~~ ~~~~~~~ ~~~~~~~ ~~~~
#! /bin/sh -e
### BEGIN INIT INFO ignoreusers based on minimum_ uid
# Provides: libnss-ldap
# Required-Start:
# Required-Stop: mountall.sh
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: Updates /etc/ldap.conf
# Description: Updates nss_initgroups_
# nss_initgroups_
### END INIT INFO
PATH="/ sbin:/bin: /usr/sbin: /usr/bin" init-functions
. /lib/lsb/
case "$1" in begin_msg "Removing nssldap- update- ignoreusers changes" initgroups_ ignoreusers/ d" /etc/ldap.conf ; then action_ end_msg 0 action_ end_msg 1 force-reload| stop) begin_msg "Running nssldap- update- ignoreusers" update- ignoreusers ; then action_ end_msg 0 action_ end_msg 1 restart| force-reload| stop}" ~~~~~~~ ~~~~~~~ ~~~~~~~ ~~~~~~~ ~~~~~~~ ~~~~
start)
log_action_
if sed -i "/^nss_
log_
else
log_
exit 1
fi
;;
restart|
log_action_
if nssldap-
log_
else
log_
exit 1
fi
;;
*)
echo "Usage: $0 {start|
exit 1
;;
esac
exit 0
~~~~~~~