[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP with ppolicy and SSSD configuration question.

On 28/11/2013 08:56, Turbo Fredriksson wrote:
On Nov 28, 2013, at 9:30 AM, Liam Gretton wrote:

Now I use a custom 'lock' attribute on all accounts and use a LDAP filter at the client end. This is fine for our purposes but could be a problem for appliances that don't provide much in the way of LDAP configuration options.

I've used something similar to limit access on host level, but if
I remember correctly, such a filter would hide the account from
the system, not only lock it... ?

No, this is PAM configuration, not NSS.

You can use 'pam_filter' in the PAM LDAP module to filter on an attribute's value. For NSS there's a similar 'filter' option but as long as that's not changed the user won't disappear.

Liam Gretton                                    liam.gretton@le.ac.uk
Systems Specialist                            http://www.le.ac.uk/its
IT Services                                   Tel: +44 (0)116 2522254
University of Leicester, University Road
Leicestershire LE1 7RH, United Kingdom