[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: LDAP Replacement for NIS

>I just use one big branch for all users, but I think that you can tweak
>the pam settings in /etc/ldap.conf to limit searchs to a particular DN.
>This might come close to what you're looking for.  That way you could
>restrict searchs to say, ou=admins, or something.

That's one option. Or you could use the pam_filter attribute to restrict
access to users with a particular attribute; or pam_groupdn to enforce
membership of a group; or checking the "host" attribute for access

-- Luke

PS. Please use the pamldap@padl.com list for discussing pam_ldap.

PPS. nss_ldap doesn't support netgroups in LDAP, but our LDAP/NIS
gateway does.

Luke Howard | lukehoward.com
PADL Software | www.padl.com