[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: pam_groupdn login restriction

Paul wrote:
> I'm currently trying to get group based login working with little success
using pam_groupdn on CentOS. Currently, any existing LDAP user is allowed to
login to the system, but it does throw the error: "You must be a member of
cn=login,ou=Group,dc=mydomain,dc=com to login." I would like to deny logins
for any ldap users unless they exist in the specified group (in this case,
cn=login,ou=Group,dc=mydomain,dc=com). Can anyone tell me what I'm doing wrong
or point me toward some documentation?

Your question has nothing to do with OpenLDAP and has everything to do with
PAM. Read the docs for pam.conf.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/