RSS feed

Re: Filtering users by group

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Filtering users by group

Quoting Arthur de Jong <>:

On Fri, 2010-05-21 at 10:39 -0300, ROGERIO DE CARVALHO BASTOS wrote:
Is there a way to restrict authentication by group membership ?

Like this in libpam-ldap:

# Group to enforce membership of
pam_groupdn cn=remo_meso,ou=Groups,dc=fisnuc,dc=intranet,dc=ufba,dc=br

nss-pam-ldapd does not have a pam_groupdb option, but something similar
can be done with pam_authz_search:

pam_authz_search (&(objectClass=posixGroup)(cn=remo_meso)(memberUid=$username))

Note that the pam_authz_search option is a bit new (available since
0.7.4) so it has not yet seen a lot of testing.

Thank Arthur, this is a great function. Do I need configure anything else in pam.d ? I try to use pam_authz_search, but anyone can make login.
I'm using nss-pam-ldapd 0.7.5 in Debian Lenny.


Rogerio de Carvalho Bastos

To unsubscribe send an email to or see