pam_authz_search variable references
- From: Tim <weirdit [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: pam_authz_search variable references
- Date: Wed, 5 Oct 2011 15:59:12 +1000
Hey everyone.

Currently using nslcd pam_authz_search to limit access. I hit upon the
following which I can work around, but just asking for clarification.

"The search filter can contain the following variable references:
$username, $service, $ruser, $rhost, $tty, $hostname, $fqdn, $dn, and
$uid."

I expected $username would contain the username, and $uid would
contain the numeric user (which in my case, I expected $username to
map to uid in ldap, and $uid to map to uidNumber in ldap). In 'getent
passwd' everything is correct, and everything works correctly. However
$username maps to 'uid' as does uid. I was hoping to use $uid in a
search like (uidNumber=$uid) however that fails as $uid expands to the
username.

I can obviously do (uid=$username) which will work, but I'm a little
confused why we have both $username and $uid if they are the same. I
don't think any of my maps in /etc/nslcd.conf are causing the problem.

Tim

#/etc/nslcd.conf
uid nslcd
gid nslcd
uri ldap://127.0.0.1/
base dc=plug,dc=org,dc=au
filter group (objectClass=posixGroup)
map group uniqueMember member
pam_authz_search (&(uid=$username)(memberOf=cn=currentmembers,ou=Groups,dc=plug,dc=org,dc=au)(memberOf=cn=shell,ou=Groups,dc=plug,dc=org,dc=au))
--
Timothy White - Somewhere in Australia
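
Added example, not part of the original post and not nslcd's own code: a small model of how the variable references in a pam_authz_search filter expand, using the filter from the posted configuration. It assumes $uid carries the same login name as $username (the behaviour the post reports) and applies RFC 4515 escaping to each value; the function names and the sample login are constructed for illustration.

```python
import re

# RFC 4515 requires these characters to be escaped inside filter values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

# The variable names quoted from the documentation in the post.
VARIABLES = ("username", "service", "ruser", "rhost", "tty",
             "hostname", "fqdn", "dn", "uid")


def escape_value(value):
    """Escape a string for use as an assertion value in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_context(username, service, **extra):
    """Values for the variables; $uid mirrors $username, as the post reports."""
    ctx = dict.fromkeys(VARIABLES, "")
    ctx.update(username=username, uid=username, service=service)
    ctx.update(extra)
    return ctx


def expand_filter(template, ctx):
    """Replace each $name with its escaped value; unknown names are an error."""
    def substitute(match):
        name = match.group(1)
        if name not in ctx:
            raise KeyError("unknown variable: $" + name)
        return escape_value(ctx[name])
    return re.sub(r"\$([A-Za-z]+)", substitute, template)


# Filter from the posted nslcd.conf.
POSTED_FILTER = ("(&(uid=$username)"
                 "(memberOf=cn=currentmembers,ou=Groups,dc=plug,dc=org,dc=au)"
                 "(memberOf=cn=shell,ou=Groups,dc=plug,dc=org,dc=au))")

if __name__ == "__main__":
    ctx = build_context("tim", "sshd")  # constructed sample login
    print(expand_filter(POSTED_FILTER, ctx))
    # The search the post reports as failing: a name lands in a numeric attribute.
    print(expand_filter("(uidNumber=$uid)", ctx))
    # Once escaped, filter metacharacters in a login name stay inside the value.
    print(expand_filter("(uid=$username)", build_context("*)(uid=*", "sshd")))
```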