lists.arthurdejong.org

Re: Filtering users by group

Quoting Arthur de Jong <arthur@arthurdejong.org>:

> On Fri, 2010-05-21 at 10:39 -0300, ROGERIO DE CARVALHO BASTOS wrote:
> > Is there a way to restrict authentication by group membership?
> >
> > Like this in libpam-ldap:
> >
> > # Group to enforce membership of
> > pam_groupdn cn=remo_meso,ou=Groups,dc=fisnuc,dc=intranet,dc=ufba,dc=br
>
> nss-pam-ldapd does not have a pam_groupdb option, but something similar
> can be done with pam_authz_search:
>
> pam_authz_search (&(objectClass=posixGroup)(cn=remo_meso)(memberUid=$username))
>
> Note that the pam_authz_search option is a bit new (available since
> 0.7.4) so it has not yet seen a lot of testing.

Thanks Arthur, this is a great function. Do I need to configure anything else in pam.d? I tried to use pam_authz_search, but anyone can log in.
I'm using nss-pam-ldapd 0.7.5 on Debian Lenny.

--

Rogerio de Carvalho Bastos

http://wiki.dcc.ufba.br/Main/RogerioBastos
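
Added example, not part of the original message and not nss-pam-ldapd code: a small Python model of the pam_authz_search check quoted above, which substitutes the login name for $username and grants access only if some entry matches the resulting filter. The directory entries and the user names alice, bob and carol are constructed, the login name is escaped per RFC 4515 before substitution, and matching is simplified to exact comparison on a flat (&...) filter.

```python
import re

# Filter from the thread; $username is replaced with the login name.
AUTHZ_FILTER = "(&(objectClass=posixGroup)(cn=remo_meso)(memberUid=$username))"

# Constructed directory entries (not from the thread).
ENTRIES = [
    {"objectClass": ["posixGroup"], "cn": ["remo_meso"], "memberUid": ["alice", "bob"]},
    {"objectClass": ["posixGroup"], "cn": ["staff"], "memberUid": ["carol"]},
]

def escape_filter_value(value):
    """Escape characters that are special in an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, username):
    """Substitute the escaped login name for $username."""
    return template.replace("$username", escape_filter_value(username))

def parse_and_filter(ldap_filter):
    """Parse the one shape used here: (&(attr=value)...) -> [(attr, value)]."""
    m = re.fullmatch(r"\(&((?:\([^()=]+=[^()]*\))+)\)", ldap_filter)
    if m is None:
        raise ValueError("unsupported filter: %r" % ldap_filter)
    return re.findall(r"\(([^()=]+)=([^()]*)\)", m.group(1))

def entry_matches(entry, assertions):
    """True if every assertion holds for the entry (simplified exact match)."""
    for attr, raw in assertions:
        values = entry.get(attr, [])
        if raw == "*":                      # presence test: attribute exists
            ok = bool(values)
        else:                               # equality on the unescaped value
            want = re.sub(r"\\([0-9a-fA-F]{2})",
                          lambda h: chr(int(h.group(1), 16)), raw)
            ok = want in values
        if not ok:
            return False
    return True

def is_authorised(username, entries=ENTRIES, template=AUTHZ_FILTER):
    """Access is granted only if the expanded filter matches some entry."""
    assertions = parse_and_filter(expand(template, username))
    return any(entry_matches(e, assertions) for e in entries)
```
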
