This content has been marked as final. Show 2 replies
I know this is an old post, but we have the same problem, and I can't find any solution or workaround. Some of our users have entries with same user id in both ou=ansatt and ou=student, but most users have only one entry.
On some servers we want to permit users in both ou=ansatt and ou=student to log in. If we use this client configuration:
NS_LDAP_SERVERS= xxx yyy zzz
the users with entries in both ou=ansatt and ou=student are refused to log in via ssh, and the log shows:
libsldap: Status: 7 Mesg: Too many entries are returned for <user>
Is there a way to solve this? The way we want it to work is: Log in using the entry in ou=ansatt if it exists, else use the entry in ou=student.
This is why unique uids are preferred. Any particular reason the uid exists in both
paths? If the user is a student in the CS department, I would just leave them in
the ou=People,dc=students OU. Or, dispense with the student OU and make it
a Group or Netgroup. If, however, the users are actually two distinct people, then
you should either rename one uid, or change how you filter out things.