[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: pam_groupdn login restriction

To: <pma5201@yahoo.com>, <openldap-technical@openldap.org>
Subject: RE: pam_groupdn login restriction
From: Joe Friedeggs <friedeggs44@hotmail.com>
Date: Sun, 1 Nov 2009 21:12:29 -0600
Importance: Normal
In-reply-to: <433950.14699.qm@web110402.mail.gq1.yahoo.com>
References: <433950.14699.qm@web110402.mail.gq1.yahoo.com>

> /etc/ldap.conf:
> uri ldaps://ldap.mydomain.com
> base dc=mydomain,dc=com
> binddn cn=user,ou=People,dc=mydomain,dc=com
> bindpw password
> bind_policy soft
> pam_password md5
> pam_login_attribute userID
> pam_groupdn cn=login,ou=Groups,dc=mydomain,dc=com
> pam_member_attribute member
> pam_lookup_policy yes
> tls_checkpeer no
> ssl on
>
> LDAP login group:
> dn: cn=login,ou=Group,dc=mydomain,dc=com
> objectClass: top
> objectClass: posixGroup
> cn: login
> description: login group
> gidNumber: 100
> memberUid: user1
> memberUid: user2
>
The pam_member_attribute must match the LDAP 'attribute' used in the LDAP login groups; memberUid in your case (not member). Simply mistake?
 
Joe 
 		 	   		  
 		 	   		  
_________________________________________________________________
Hotmail: Trusted email with powerful SPAM protection.
http://clk.atdmt.com/GBL/go/177141665/direct/01/

References:
- pam_groupdn login restriction
  - From: Paul <pma5201@yahoo.com>

Prev by Date: Re: pam_groupdn login restriction
Next by Date: LDap Search query returning null value
Index(es):
- Chronological
- Thread