Re: Filtering users by group

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Arthur de Jong <arthur [at] arthurdejong.org>
To: nss-pam-ldapd-users <nss-pam-ldapd-users [at] lists.arthurdejong.org>
Subject: Re: Filtering users by group
Date: Fri, 21 May 2010 20:36:08 +0200

On Fri, 2010-05-21 at 10:39 -0300, ROGERIO DE CARVALHO BASTOS wrote:
> Is there a way to restrict authentication by group membership ?
> 
> Like this in libpam-ldap:
> 
> # Group to enforce membership of
> pam_groupdn cn=remo_meso,ou=Groups,dc=fisnuc,dc=intranet,dc=ufba,dc=br

nss-pam-ldapd does not have a pam_groupdb option, but something similar
can be done with pam_authz_search:

pam_authz_search (&(objectClass=posixGroup)(cn=remo_meso)(memberUid=$username))

Note that the pam_authz_search option is a bit new (available since
0.7.4) so it has not yet seen a lot of testing.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --

--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users

Re: pam-ldapd and multiples uri, (continued)
- Re: pam-ldapd and multiples uri, Arthur de Jong
  - Re: pam-ldapd and multiples uri, ROGERIO DE CARVALHO BASTOS
  - Filtering users by group, ROGERIO DE CARVALHO BASTOS
    - Re: Filtering users by group, Ryan Steele
    - Re: Filtering users by group, Arthur de Jong

Prev by Date: Re: Filtering users by group
Next by Date: Re: Filtering users by group
Previous by thread: Re: Filtering users by group
Next by thread: Re: Filtering users by group