Setting the loginShell LDAP attribute to a non-existent binary breaks user login

Evidence found in /var/log/auth.log:

User zen not allowed because shell /usr/bin/fish does not exist

Some things to consider that could help:

  • Add/improve documentation (LDAP, accounts, etc.)
  • Fall back to a default shell?
  • Reconsider the loginShell LDAP attribute altogether (see discussion in #40854 (closed))
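
One way to catch this before it locks a user out, as an added example that is not part of the original issue or the project's code: a small audit that reads `uid shell` pairs and reports every shell that is missing or not a regular executable file on the host. The input format, the function names and the sample entries are assumptions made for illustration; in practice the pairs would come from an export of the loginShell attribute.

```shell
#!/bin/sh
# Added example: audit loginShell values on a host before they break logins.
# Assumed input: one "uid shell" pair per line on stdin.

# check_shell PATH -> prints "ok", "missing" or "not-executable"
check_shell() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -f "$1" ] || [ ! -x "$1" ]; then
        # exists, but is a directory/device or lacks the execute bit
        echo not-executable
    else
        echo ok
    fi
}

# audit_shells: reads "uid shell" lines, prints "uid shell status" for every
# entry that would fail, and returns 1 if at least one entry is bad.
audit_shells() {
    bad=0
    while read -r uid shell; do
        [ -n "$uid" ] || continue          # skip blank lines
        status=$(check_shell "$shell")
        if [ "$status" != ok ]; then
            echo "$uid $shell $status"
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample data (not real accounts); zen's shell is the one
# from the auth.log line in this issue.
sample_entries() {
    cat <<'EOF'
zen /usr/bin/fish
alice /bin/sh
EOF
}

# Demo run: lists the entries that need fixing on this host, if any.
sample_entries | audit_shells || true
```

Run on each host that accepts LDAP logins, since a shell installed on one machine may be absent on another.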