Re: Using filter passwd
- From: Hugo Deprez <hugo.deprez [at] gmail.com>
- To: Arthur de Jong <arthur [at] arthurdejong.org>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Using filter passwd
- Date: Fri, 27 May 2011 18:41:32 +0200
Hello,
I finally succeeded:
- PAM authentication changed according to: http://wiki.debian.org/LDAP/PAM
- nslcd filter: pam_authz_search (&(objectClass=IT)(uid=$username)(|(host=$hostname)(host=all)))
- LDAP ACL: added "by self read" so that users can access their own information.
Users without any host attribute can't access any servers.
Thanks for the help !
Regards
Hugo
On 27 May 2011 14:24, Hugo Deprez <hugo.deprez [at] gmail.com> wrote:
Hello Arthur,
Yes that is exactly what I want to do.
But my hugo.test, who doesn't have any host attribute, gains access to the system.
nslcd: [b141f2] pam_authz_search "(&(objectClass=IT)(uid=hugo.test)(|(host=server1)(host=all)))" found no matches
I don't understand why.
Can this be an issue with PAM?
Regards,
Hugo
On 27 May 2011 13:17, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Fri, 2011-05-27 at 12:28 +0200, Hugo Deprez wrote:
> It seems that if the filter returns "no match found" login is accepted
This should not happen. If you provide a pam_authz_search option the
search should always be performed and access should be denied if no
match is found.
> If I give an attribute host=none to all the users without host
> attribute, it matches and access is denied.
>
> Is there a way to change this default behaviour? I would like to
> avoid providing this attribute to all the users.
If you only want to grant access to your system to users that have the
host attribute set to the current hostname or "all" you could simply do:
pam_authz_search (&(objectClass=IT)(uid=$username)(|(host=$hostname)(host=all)))
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe [at] lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users
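
How the filter from this thread evaluates against directory entries, as an added example that is not part of the original messages or of nss-pam-ldapd: a Python script that expands the pam_authz_search template and matches it against constructed sample entries. The entries, the function names and the RFC 4515 escaping step are assumptions of this example; only the filter string and the hugo.test / server1 values come from the thread.

```python
import re

# The pam_authz_search template quoted in the thread.
TEMPLATE = "(&(objectClass=IT)(uid=$username)(|(host=$hostname)(host=all)))"

def escape(value):
    """RFC 4515 escaping so a substituted value cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand(template, **variables):
    """Substitute $username / $hostname in a single pass."""
    return re.sub(r"\$(\w+)", lambda m: escape(variables[m.group(1)]), template)

def parse(f, i=0):
    """Parse the filter subset used here: (&...), (|...), (attr=value)."""
    if f[i + 1] in "&|":
        op, i, kids = f[i + 1], i + 2, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1          # skip the closing ")"
    end = f.index(")", i)
    attr, value = f[i + 1:end].split("=", 1)
    return ("=", attr.lower(), unescape(value).lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive match)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    return node[2] in (v.lower() for v in entry.get(node[1], []))

def authorized(entries, username, hostname):
    """True if at least one entry matches, i.e. the search is not empty."""
    tree, _ = parse(expand(TEMPLATE, username=username, hostname=hostname))
    return any(matches(tree, e) for e in entries)

# Constructed sample entries (attribute names lowercased); not from the thread.
ENTRIES = [
    {"uid": ["hugo.test"], "objectclass": ["IT"]},                  # no host
    {"uid": ["alice"], "objectclass": ["IT"], "host": ["server1"]},
    {"uid": ["bob"], "objectclass": ["IT"], "host": ["all"]},
]

if __name__ == "__main__":
    for user in ("hugo.test", "alice", "bob"):
        print(user, authorized(ENTRIES, user, "server1"))
```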