Re: Access control via pam

On Tue, 6 Feb 2001, Stephan Siano wrote:

> On Tuesday, 6 February 2001 13:30, Andy Gale wrote:
> > We want to get slapd to use PAM to authorise users.
> >
> > The users I want to authorise are set up as proper users
> > on our FreeBSD box, which aren't necessarily contained
> > (but could be if it's necessary) in the ldap database.
> >
> > Do users that are allowed to connect to the slapd daemon
> > have to be in the ldap database under a certain objectclass?
> >
> > I'm not sure what I'm missing, but I am missing something...
>

Actually you can set this up in the nsswitch.conf.  Just put in an entry
like this:

passwd:		ldap	files
group:		ldap	files

and make sure your ldap.conf is set up right.  If this doesn't work, make
sure you have an nss that supports ldap and that you have the proper POSIX
entries in your database.

If you are intent on using ldap with PAM (I do for a radius daemon I run),
make sure you use pam_ldap.so and pam_unix.so if you want LDAP and passwd
authentication.

Hope this helps.

Cliff Friedel
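
Added example, not part of the original message: a small Python check that reads the nsswitch.conf lines quoted above and a PAM auth stack, then reports the lookup order and any missing module. The PAM lines are a constructed pam.d-style sample (the message names only the two modules), and all function names are hypothetical.

```python
import re

# Constructed sample inputs: the two nsswitch.conf lines from the message,
# plus an assumed pam.d-style auth stack using the two modules it names.
SAMPLE_NSSWITCH = "passwd:\t\tldap\tfiles\ngroup:\t\tldap\tfiles\n"
SAMPLE_PAM = ("auth  sufficient  pam_ldap.so\n"
              "auth  required    pam_unix.so try_first_pass\n")

def nss_sources(nsswitch_text, database):
    """Return the ordered list of sources for one nsswitch.conf database."""
    for raw in nsswitch_text.splitlines():
        name, sep, rest = raw.split("#", 1)[0].partition(":")
        if sep and name.strip() == database:
            # Remove action items such as [NOTFOUND=return]; keep source names.
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def pam_auth_modules(pam_text):
    """Return (control, module) pairs for each auth line, in stack order."""
    stack = []
    for raw in pam_text.splitlines():
        m = re.match(r"\s*auth\s+(\[[^\]]*\]|\S+)\s+(\S+)", raw.split("#", 1)[0])
        if m:
            stack.append((m.group(1), m.group(2).rsplit("/", 1)[-1]))
    return stack

def audit(nsswitch_text, pam_text):
    """Return findings about source order and missing pieces."""
    findings = []
    for db in ("passwd", "group"):
        src = nss_sources(nsswitch_text, db)
        if "ldap" not in src:
            findings.append(f"{db}: no ldap source")
        if "files" not in src:
            findings.append(f"{db}: no files source")
        elif "ldap" in src and src.index("ldap") < src.index("files"):
            findings.append(f"{db}: ldap answers before files for names in both")
    modules = [module for _, module in pam_auth_modules(pam_text)]
    for needed in ("pam_ldap.so", "pam_unix.so"):
        if needed not in modules:
            findings.append(f"auth: {needed} missing from stack")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_NSSWITCH, SAMPLE_PAM):
        print(finding)
```

The order finding is informational: with `ldap files`, a by-name lookup is answered by the directory first, so decide deliberately which source should win for accounts such as root.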