I am a newbie on PAM and NSS so please be gentle.
I have the following scenario:
I have access to an LDAP database but I have no control over its administration (so please do not say that the proper fix is to fix the database, I know that already but it will not happen). However, in the database all users are registered and I would like to authenticate against this to not have to maintain my own user database.
The main problem is that there is no uid or gid information in the database and the ldap admins refuse to add this information.
My idea:
Configure PAM so that it can authenticate against LDAP. If the user successfully authenticates, PAM (via pam-script?) creates a local user (in /etc/passwd) with local unique uid. This local user is later used by NSS to find the uid and guid.
What I have done so far and my question:
I can authenticate against LDAP and I have an idea on how to create the user at login but I am failing to make NSS use "local users" for getting uid and gid. How can I split the login so that I only use LDAP for authentication and use local files for finding the uid and guid, shell, etc.?
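
The "create a local user at login" idea from the post, sketched as an added example that is not part of the original post. It assumes the script is run by pam_script with the login name in `PAM_USER`; the function names and the 20000-29999 UID range are hypothetical.

```shell
#!/bin/sh
# Added example: pam_script session hook that provisions a local account.
# Assumptions: pam_script exports the login name as PAM_USER, NSS resolves
# passwd from local files, and the 20000-29999 UID range is reserved for this.
LC_ALL=C; export LC_ALL
UID_MIN=20000
UID_MAX=29999

# The name comes from the login prompt and ends up on a useradd command line,
# so accept only lowercase POSIX-style names of at most 32 characters.
valid_login_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# True if the name already has an entry in the given passwd-format file.
user_exists() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# Print the lowest UID in the reserved range not used in the passwd file.
next_free_uid() {
    awk -F: -v min="$UID_MIN" -v max="$UID_MAX" '
        { used[$3] = 1 }
        END {
            for (u = min + 0; u <= max + 0; u++)
                if (!(u in used)) { print u; exit 0 }
            exit 1
        }' "$1"
}

# Runs only when called by PAM; needs root. useradd refuses a duplicate UID,
# so two simultaneous first logins fail closed instead of sharing a UID.
if [ -n "${PAM_USER:-}" ]; then
    valid_login_name "$PAM_USER" || exit 1
    user_exists "$PAM_USER" /etc/passwd && exit 0
    uid=$(next_free_uid /etc/passwd) || exit 1
    useradd -u "$uid" -U -m -s /bin/bash "$PAM_USER"
fi
```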