lists.arthurdejong.org

pam_authz_search variable references


Hey everyone.

Currently using nslcd pam_authz_search to limit access. I hit upon the
following which I can work around, but just asking for clarification.
"The search filter can contain the following variable references:
$username, $service, $ruser, $rhost, $tty, $hostname, $fqdn, $dn, and
$uid."

I expected $username would contain the username, and $uid would
contain the numeric user (which in my case, I expected $username to
map to uid in ldap, and $uid to map to uidNumber in ldap). In 'getent
passwd' everything is correct, and everything works correctly. However
$username maps to 'uid' as does $uid. I was hoping to use $uid in a
search like (uidNumber=$uid) however that fails as $uid expands to the
username.
I can obviously do (uid=$username) which will work, but I'm a little
confused why we have both $username and $uid if they are the same. I
don't think any of my maps in /etc/nslcd.conf are causing the problem.

Tim

#/etc/nslcd.conf
uid nslcd
gid nslcd
uri ldap://127.0.0.1/
base dc=plug,dc=org,dc=au
filter group (objectClass=posixGroup)
map group uniqueMember member
pam_authz_search (&(uid=$username)(memberOf=cn=currentmembers,ou=Groups,dc=plug,dc=org,dc=au)(memberOf=cn=shell,ou=Groups,dc=plug,dc=org,dc=au))


-- 
Timothy White - Somewhere in Australia