[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_groupdn login restriction

To: Paul <pma5201@yahoo.com>
Subject: Re: pam_groupdn login restriction
From: Howard Chu <hyc@symas.com>
Date: Sun, 01 Nov 2009 18:04:57 -0800
Cc: openldap-technical@openldap.org
In-reply-to: <433950.14699.qm@web110402.mail.gq1.yahoo.com>
References: <433950.14699.qm@web110402.mail.gq1.yahoo.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9.1.5pre) Gecko/20091025 Lightning/1.0pre SeaMonkey/2.0a1pre Firefox/3.0.3

Paul wrote:
> I'm currently trying to get group based login working with little success
using pam_groupdn on CentOS. Currently, any existing LDAP user is allowed to
login to the system, but it does throw the error: "You must be a member of
cn=login,ou=Group,dc=mydomain,dc=com to login." I would like to deny logins
for any ldap users unless they exist in the specified group (in this case,
cn=login,ou=Group,dc=mydomain,dc=com). Can anyone tell me what I'm doing wrong
or point me toward some documentation?

Your question has nothing to do with OpenLDAP and has everything to do with
PAM. Read the docs for pam.conf.

-- 
  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/

References:
- pam_groupdn login restriction
  - From: Paul <pma5201@yahoo.com>

Prev by Date: pam_groupdn login restriction
Next by Date: RE: pam_groupdn login restriction
Index(es):
- Chronological
- Thread