
Re: Limiting finger lookup access on Linux



On Sep 15, 2009, at 10:41 AM, Howard Chu wrote:

Rex Roof wrote:
Yes, or a configuration for PAM that limits which users it provides
information for.
PAM doesn't return user information at all. This is strictly for nss-ldap. You
could also add a filter to nss-ldap's config file. Unfortunately the most
straightforward filter (memberOf=<the group DN>) won't work with OpenLDAP's
memberof overlay. If your group was actually a dynamic group, then you could
use the same filter criteria that the dynamic group uses.

-Rex

From what I can tell, nss_ldap and pam_ldap use the same config file in CentOS, /etc/ldap.conf. So they both use the same proxy user?
What do you mean by dynamic group?  I'm open to changing to some other setup.
-Rex