OK, so rolling around some ideas on how to handle this. One simple way, one somewhat complex, but kind of neat, way.
Method 1:
Use a config file for nssldap-update-ignoreusers. Probably /etc/default/nssldap-update-ignoreusers. Have a single line something like:
nss_initgroups_okusers=user1,user2,user3,etc.
If a user was in that list, nssldap-update-ignoreusers would not include the user in the nss_initgroups_ignoreusers line when it updates the ldap.conf file.
Method 2:
Create a new system-level group named something like nss_okusers. Then, if a user was a member of that group, nssldap-update-ignoreusers would not include the user in the nss_initgroups_ignoreusers line when it updates the ldap.conf file. But that's abusing groups for system configuration, which I'm not sure is the best idea.
Comments? Questions?
We're talking about five lines at most of shell code. I believe it would be a worthwhile addition to nssldap-update-ignoreusers.
I might just work it up and attach a patch. :)
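
Method 1 as a small POSIX shell filter, added here as an example; it is not code from the comment above or from the nssldap-update-ignoreusers script. The function names, the key=value file format, and the UID cutoff used to pick local accounts are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. Function names, config format and UID cutoff are assumptions.

# Print the nss_initgroups_okusers value from a key=value config file.
# A missing file or key yields an empty string, so nobody is exempted.
read_okusers() {
    [ -r "$1" ] || return 0
    # Last assignment wins; commented-out lines do not match the anchor.
    sed -n 's/^[[:space:]]*nss_initgroups_okusers[[:space:]]*=//p' "$1" |
        tail -n 1 | tr -d '[:space:]'
}

# Build the ldap.conf line from a passwd-format file.
# $1 = passwd file, $2 = config file, $3 = UID cutoff for "local" accounts.
build_ignoreusers_line() {
    ok=$(read_okusers "$2")
    users=$(awk -F: -v ok="$ok" -v max="$3" '
        BEGIN { n = split(ok, a, ","); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Exact-name match: "www" in the list must not exempt "www-data".
        $1 != "" && $3 ~ /^[0-9]+$/ && ($3 + 0) < (max + 0) && !($1 in skip) {
            print $1
        }' "$1" | paste -sd, -)
    printf 'nss_initgroups_ignoreusers %s\n' "$users"
}

# Constructed sample data: five accounts, two names on the exemption list.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
    cat > "$tmp/conf" <<'EOF'
# constructed stand-in for /etc/default/nssldap-update-ignoreusers
nss_initgroups_okusers=www, backup
EOF
    build_ignoreusers_line "$tmp/passwd" "$tmp/conf" 1000
    rm -rf "$tmp"
}

demo
```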