Commit 3b9927e1 authored by Maciej Delmanowski's avatar Maciej Delmanowski

[debops.nsswitch] Don't show 'shadow' LDAP data

The 'shadow' database LDAP information shouldn't be needed on the hosts.
Showing LDAP entries via the 'getent shadow' command can be confusing on
unprivileged accounts, therefore the database will not be included in
NSS switch table by default.
parent a3555517
......@@ -89,7 +89,7 @@ nsswitch__combined_services: '{{ lookup("flattened", (nsswitch__default_services
nsswitch__default_database_map:
'passwd': [ 'compat', 'mymachines', 'systemd', 'sss', 'ldap', 'winbind' ]
'group': [ 'compat', 'mymachines', 'systemd', 'sss', 'ldap', 'winbind' ]
'shadow': [ 'compat', 'sss', 'ldap' ]
'shadow': [ 'compat', 'sss' ]
'gshadow': [ 'files' ]
'initgroups': []
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment