[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Pam_ldap group access



On Thu, 17 Jun 2010, Indexer wrote:

membership logins a notice appears that says "You must be a memberUid of cn=login,ou=Nemo,ou=Group,dc=chocolate,dc=lan to login.", but the user is still able to continue and login, and it is not enforcing the group
[...]
account         optional        /usr/local/lib/pam_ldap.so

Of course they're able to continue; that check is optional in a stack that contains other results. See pam.conf(5) man page.