[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_groupdn: multi-valued?

To: openldap-software@OpenLDAP.org
Subject: Re: pam_groupdn: multi-valued?
From: John Ziniti <jziniti@speakeasy.org>
Date: Tue, 21 Oct 2003 11:05:41 -0400
In-reply-to: <1066743055.17198.4.camel@newhotness.CS.Princeton.EDU>
References: <1066743055.17198.4.camel@newhotness.CS.Princeton.EDU>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031020

Brian K. Jones wrote:

The RH-PAM list and google got me nowhere, so here I am. I'm just wondering if my efforts to get pam_groupdn (in /etc/ldap.conf on RH9) to enforce membership of any of 3 groups are failing because of syntax weirdness or because it's just not supported. Does anyone happen to have this kind of thing working? I really don't want to have to add all of the users permitted to log on to a machine to a single group.


Unfortunatley, I don't think this is the right place for this question
either ... :-(

The best I can tell you is that if you have control of the LDAP server,
you should crank up the debug output, and then see what happens when
users try to log in.  Does the server receive membership requests for
all three groups?  OTOH, what's so bad about having to add all users
permitted to log in to a single group?

PS - is there a manpage for /etc/ldap.conf? The default one is for /etc/openldap/ldap.conf, which has little or nothing to do with nss.


Once again, this list has also very little to do with nss.  I would
check your distro's documentation directory for the pam_ldap package
or nss_ldap package and see if there is more info there.

HTH,

John Ziniti

Follow-Ups:
- Re: pam_groupdn: multi-valued?
  - From: "Alan Sparks" <asparks@doublesparks.net>

References:
- pam_groupdn: multi-valued?
  - From: "Brian K. Jones" <jonesy@CS.Princeton.EDU>

Prev by Date: Re: ldap_add() return LDAP_UNWILLING_TO_PERFORM
Next by Date: Re: kpasswd
Index(es):
- Chronological
- Thread