> Hello, I have authentication working great with ldap/nsswitch/pam.
> I was wondering how to handle group permissions, or basically how to
> emulate /etc/group.
I'm not sure if this is what you're looking for, but you can use, for example:
# Group to enforce membership of
in the ldap.conf of the nss_ldap package. It will only allow people in this
group. Another solution is to use filters. For example:
# Filter to AND with uid=%s
Where testServices and testStatus are attributes in a newly defined schema.
When you use filters though, make sure that nss_ldap can't read the
userPassword attributes or they won't work. To solve the problem use correct
access lists, for example:
access to attrs=userPassword
    by self write
    by dn=uid=root,c=PL write
    by * compare
This gave me a lot of headaches. This has something to do with pam_unix.o &
company. Hope this helps.
"Smile, tomorrow will be worse!"