On Saturday, December 15, 2018 06:18:49 PM Ryan Tandy wrote:
On Fri, Dec 14, 2018 at 03:24:17PM -0500, Jean-Francois Malouin wrote:
I'm using libnss-ldap along with pam-ldap on Ubuntu and Debian clients.
I have not tried this myself, but recent versions of nss-pam-ldapd appear to include a 'chsh.ldap' command in the nslcd-utils package. However it looks like that would require you to be using libnss-ldapd and libpam-ldapd with nslcd, rather than the old libnss-ldap and libpam-ldap.
It is probably not a good idea to do chsh in an LDAP-controlled site in the first place. What if the user chsh into something not installed on every host, then realizes she cannot log in anymore?
Local chsh at least is protected by the local /etc/shells. It is probably simpler and safer to have a line of "exec zsh --login" in their .profile file.
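
The .profile hand-off suggested above, as an added example that is not part of the original message: it runs the `exec` only when the preferred shell is executable on the current host, so a missing zsh leaves the user in the directory-provided shell. The function names, the `PREFERRED_SHELL_ACTIVE` variable and the reuse of /etc/shells as the allow-list are assumptions of this sketch.

```shell
# Added example (hypothetical helper names), POSIX sh, for use from ~/.profile.

# pick_login_shell NAME [SHELLS_FILE]
# Print the first path in SHELLS_FILE (default /etc/shells) whose basename is
# NAME and which is executable on this host; return 1 if there is none.
pick_login_shell() {
    want=$1
    shells_file=${2:-/etc/shells}
    [ -r "$shells_file" ] || return 1
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            ''|'#'*) continue ;;          # skip blank lines and comments
        esac
        if [ "${line##*/}" = "$want" ] && [ -x "$line" ]; then
            printf '%s\n' "$line"
            return 0
        fi
    done < "$shells_file"
    return 1
}

# maybe_exec_preferred_shell NAME [SHELLS_FILE]
# Replace the current shell with NAME only for an interactive session, only
# once, and only if NAME exists here. In every other case return 0 so the
# login continues in the shell taken from the directory entry.
maybe_exec_preferred_shell() {
    case $- in *i*) ;; *) return 0 ;; esac            # non-interactive: do nothing
    [ -z "${PREFERRED_SHELL_ACTIVE:-}" ] || return 0  # already handed off once
    target=$(pick_login_shell "$1" "${2:-/etc/shells}") || return 0
    PREFERRED_SHELL_ACTIVE=1
    export PREFERRED_SHELL_ACTIVE
    exec "$target" --login
}

# Line to place at the end of ~/.profile:
# maybe_exec_preferred_shell zsh
```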