[Date Prev][Date Next]
Re: pam_groupdn: multi-valued?
Brian K. Jones wrote:
The RH-PAM list and google got me nowhere, so here I am. I'm just
wondering if my efforts to get pam_groupdn (in /etc/ldap.conf on RH9) to
enforce membership of any of 3 groups are failing because of syntax
weirdness or because it's just not supported. Does anyone happen to have
this kind of thing working? I really don't want to have to add all of
the users permitted to log on to a machine to a single group.
Unfortunatley, I don't think this is the right place for this question
either ... :-(
The best I can tell you is that if you have control of the LDAP server,
you should crank up the debug output, and then see what happens when
users try to log in. Does the server receive membership requests for
all three groups? OTOH, what's so bad about having to add all users
permitted to log in to a single group?
PS - is there a manpage for /etc/ldap.conf? The default one is for
/etc/openldap/ldap.conf, which has little or nothing to do with nss.
Once again, this list has also very little to do with nss. I would
check your distro's documentation directory for the pam_ldap package
or nss_ldap package and see if there is more info there.