
Re: Attributes for filtering OS logins

Anton Chu wrote:
> I have a scenario where I want to set up two LDAP groups where one group
> can access a file on the server while the other one cannot after they
> log in.  Can some PAM tweaks make this happen if not on the LDAP side?

Yes. See the man page for pam_ldap:

pam_groupdn <groupdn>
              Specifies the distinguished name of a group to which a
              user must belong for logon authorization to succeed.

pam_member_attribute <attribute>
              Specifies the attribute to use when testing a user’s
              membership of a group specified in the pam_groupdn option.
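
A minimal configuration using the two options quoted above, as an added example that is not part of the original post. The group DN, user DN and the choice of `member` as the membership attribute are constructed placeholders, and the location of the pam_ldap configuration file and the PAM service file varies by distribution.

```conf
# == pam_ldap configuration file (ldap.conf; path varies by distribution) ==
# Only members of this group pass pam_ldap's logon authorization.
pam_groupdn cn=server-logins,ou=Groups,dc=example,dc=com
# Attribute on the group entry that lists each member.
pam_member_attribute member

# == Matching group entry in the directory (LDIF, constructed sample) ==
# dn: cn=server-logins,ou=Groups,dc=example,dc=com
# objectClass: groupOfNames
# cn: server-logins
# member: uid=alice,ou=People,dc=example,dc=com

# == PAM service file for the login service (constructed sample) ==
# The group check is applied in pam_ldap's account phase, so the
# service's stack needs an account line for the module:
# account  required  pam_ldap.so
```

With this in place, a user who authenticates successfully but is not listed in the group entry is refused at the account step.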