[Date Prev][Date Next] [Chronological] [Thread] [Top]

PAM-Authentication / ACL


I try to write an ACL for my OpenLDAP 2.0.25 installation. I want to allow users to login using PAM. Authenticated users may read some, not all attributes; anonymous users should not be able to see any entry of the directory at all. I can not figure out, which attributes must be readable in order to allow PAM to authenticate. In my pam_ldap.conf it says:
pam_filter objectclass=posixAccount
pam_login_attribute uid

If I set my ACL to "access to * by * read" it works but with 

access to attr=userPassword
        by self write
        by anonymous auth
        by dn="cn=Manager,dc=mrball,dc=net" write
        by * none
access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid
        by anonymous read
        by * read
access to *
        by self read
        by users read
        by anonymous auth

it does not.

Could anyone help me with this?

Thank you in advance,

Jan-Philipp Mayer

Attachment: 00000000.mimetmp
Description: PGP signature

Attachment: pgp0iDfdAy4cS.pgp
Description: PGP signature