Re: Attributes for filtering OS logins

Disregard my response below. I misread the problem statement. I thought
you were trying to filter logins based on an attribute, which is
what the subject line said.

Prentice Bisbal wrote:
> Anton Chu wrote:
>> I have a scenario where I want to set up two LDAP groups where one group
>> can access a file on the server while the other one cannot after they
>> log in.  Can some PAM tweaks make this happen if not on the ldap side?
> Yes. See the man page for pam_ldap:
> pam_groupdn <groupdn>
>               Specifies the distinguished name of a group to which a
>               user must belong for logon authorization to succeed.
>
> pam_member_attribute <attribute>
>               Specifies the attribute to use when testing a user’s
>               membership of a group specified in the pam_groupdn option.