
Re: [PATCH] increase filter_buffer size in try_autzsearch




On Thu, 2012-03-22 at 10:25 -0500, Chris J Arges wrote:
> The <group_name> values vary in length from ~10 to ~24 characters
> long, meaning that each <group_specX> entry varies in length between
> ~50 and ~64 characters, which effectively limits the pam_authz_search
> filter expression to only supporting between 15 and 20 or so groups
> when they are specified in this fashion.

Thanks for coming up with an example, I've updated the buffer to
max 4096 bytes.

Note that this may not be the best way to do this kind of filtering.
Remember that it doesn't matter what entries the pam_authz_search
returns, so you could also search for groups that have a specific
attribute:

pam_authz_search (&(objectClass=posixGroup)(memberUid=$uid)(somegroupattribute=1))

I also don't know about the efficiency of such long search filters.

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org --
-- 
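
An added example, not part of the original message and not nss-pam-ldapd's own code: expanding `$uid` into a fixed-size filter buffer so that an over-long authorisation filter is rejected instead of being searched in truncated form. The helper names, the simplified `$uid` handling, the group names and the 1024-byte comparison size are all assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy tmpl to out, replacing each "$uid" with uid escaped
   per RFC 4515. Returns the length, or -1 if it does not fit (never truncates). */
static int expand_filter(const char *tmpl, const char *uid, char *out, size_t outlen)
{
  size_t n = 0;
  if (outlen == 0) return -1;
  while (*tmpl != '\0') {
    if (strncmp(tmpl, "$uid", 4) != 0) {      /* literal template byte */
      if (n + 1 >= outlen) return -1;
      out[n++] = *tmpl++;
      continue;
    }
    for (const char *p = uid; *p != '\0'; p++) {
      if (strchr("*()\\", *p) != NULL) {      /* filter metacharacter -> \XX */
        if (n + 3 >= outlen) return -1;
        n += (size_t)snprintf(out + n, outlen - n, "\\%02x", (unsigned char)*p);
      } else {
        if (n + 1 >= outlen) return -1;
        out[n++] = *p;
      }
    }
    tmpl += 4;
  }
  out[n] = '\0';
  return (int)n;
}

/* Constructed sample: OR ngroups made-up group names onto a posixGroup/memberUid
   filter, then expand it for uid "alice" into a buffer of buflen bytes. */
static int try_groups(int ngroups, size_t buflen)
{
  static char tmpl[8192], out[4096];
  int n = snprintf(tmpl, sizeof(tmpl), "(&(objectClass=posixGroup)(memberUid=$uid)(|");
  if (buflen > sizeof(out)) buflen = sizeof(out);
  for (int i = 0; i < ngroups && i < 100; i++)
    n += snprintf(tmpl + n, sizeof(tmpl) - (size_t)n,
                  "(cn=constructed-group-name-%02d)", i);
  snprintf(tmpl + n, sizeof(tmpl) - (size_t)n, "))");
  return expand_filter(tmpl, "alice", out, buflen);
}

int main(void)
{
  /* 1024 is a constructed comparison size, not a value taken from the project */
  printf("%d %d %d\n", try_groups(20, 4096), try_groups(40, 1024), try_groups(40, 4096));
  return 0;
}
```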