public inbox for libc-help@sourceware.org
 help / color / mirror / Atom feed
* Howto determine a shared/network source of users and groups is active?
@ 2022-09-22 13:40 Stef Bon
  2022-09-23  5:14 ` Florian Weimer
  0 siblings, 1 reply; 5+ messages in thread
From: Stef Bon @ 2022-09-22 13:40 UTC (permalink / raw)
  To: libc-help

Hi all,

I hope you are all doing ok.

I'm working on a service based on SSH connections and SFTP file transfer.
To make the name and/or id translation work I'm looking for a way the
user and group databases are shared between server and client. If so,
it is very easy.
If not I have to create a mapping.

I can write an utility which
scans every line in /etc/nsswitch.conf and test for words like ldap in
the line starting with passwd: and group: (and also for sss).
If found test it's working and also active on the server.
Maybe you see, this is a lot of work, and testing of all kinds of possibilities.
Is there a simpler way to do that? To get an unique id per user/group
database or something like that.

Thanks in advance,

S.J. Bon

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Howto determine a shared/network source of users and groups is active?
  2022-09-22 13:40 Howto determine a shared/network source of users and groups is active? Stef Bon
@ 2022-09-23  5:14 ` Florian Weimer
  2022-09-23  7:18   ` Stef Bon
  0 siblings, 1 reply; 5+ messages in thread
From: Florian Weimer @ 2022-09-23  5:14 UTC (permalink / raw)
  To: Stef Bon via Libc-help; +Cc: Stef Bon

* Stef Bon via Libc-help:

> I can write an utility which
> scans every line in /etc/nsswitch.conf and test for words like ldap in
> the line starting with passwd: and group: (and also for sss).
> If found test it's working and also active on the server.
> Maybe you see, this is a lot of work, and testing of all kinds of possibilities.
> Is there a simpler way to do that? To get an unique id per user/group
> database or something like that.

Don't you also want to check that they use the *same* LDAP database?
This seems to be something that needs FreeIPA or perhaps Kerberos
support, so I'd suggest to ask on those lists.

Thanks,
Florian


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Howto determine a shared/network source of users and groups is active?
  2022-09-23  5:14 ` Florian Weimer
@ 2022-09-23  7:18   ` Stef Bon
  2022-09-23  7:54     ` Florian Weimer
  0 siblings, 1 reply; 5+ messages in thread
From: Stef Bon @ 2022-09-23  7:18 UTC (permalink / raw)
  To: Florian Weimer; +Cc: Stef Bon via Libc-help

Hi,

Op vr 23 sep. 2022 om 07:14 schreef Florian Weimer <fweimer@redhat.com>:
>
> * Stef Bon via Libc-help:
>

>
> Don't you also want to check that they use the *same* LDAP database?

Yes of course.

> This seems to be something that needs FreeIPA or perhaps Kerberos
> support, so I'd suggest to ask on those lists.

That is an idea, but to begin with is there a way/tool to detect the
sources /databases of the passwd and group in Linux? Other than
scanning the /etc/nsswitch.conf file?

So probably not.

Stef

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Howto determine a shared/network source of users and groups is active?
  2022-09-23  7:18   ` Stef Bon
@ 2022-09-23  7:54     ` Florian Weimer
  2022-10-05 17:28       ` Stef Bon
  0 siblings, 1 reply; 5+ messages in thread
From: Florian Weimer @ 2022-09-23  7:54 UTC (permalink / raw)
  To: Stef Bon; +Cc: Stef Bon via Libc-help

* Stef Bon:

>> This seems to be something that needs FreeIPA or perhaps Kerberos
>> support, so I'd suggest to ask on those lists.
>
> That is an idea, but to begin with is there a way/tool to detect the
> sources /databases of the passwd and group in Linux? Other than
> scanning the /etc/nsswitch.conf file?
>
> So probably not.

No, I don't think so.  The LDAP integration module probably isn't even
called “ldap”.  For example, in Fedora and downstreams, it's called
“sss”.

Thanks,
Florian


^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: Howto determine a shared/network source of users and groups is active?
  2022-09-23  7:54     ` Florian Weimer
@ 2022-10-05 17:28       ` Stef Bon
  0 siblings, 0 replies; 5+ messages in thread
From: Stef Bon @ 2022-10-05 17:28 UTC (permalink / raw)
  To: Florian Weimer; +Cc: Stef Bon via Libc-help

Sorry for my late reaction.

It looks like the only way to find out users and groups are shared is
scanning the nsswitch.conf file. And from there check the services
found.

On my system (gentoo) it's also named sss.

Thanks,

Stef Bon

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2022-10-05 17:29 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-09-22 13:40 Howto determine a shared/network source of users and groups is active? Stef Bon
2022-09-23  5:14 ` Florian Weimer
2022-09-23  7:18   ` Stef Bon
2022-09-23  7:54     ` Florian Weimer
2022-10-05 17:28       ` Stef Bon

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).