Re: Revisiting Map limit to map base option
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: Revisiting Map limit to map base option
- From: Ashutosh Mahajan <asm4 [at] alum.lehigh.edu>
- Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
- Subject: Re: Revisiting Map limit to map base option
- Date: Tue, 8 Oct 2013 18:34:57 +0530
On Mon, Oct 7, 2013 at 11:02 PM, Arthur de Jong <arthur@arthurdejong.org> wrote:
> Without more details on your configuration it is a bit difficult to guess
> but an ACL such as with pam_authz_search in general scales better than many
> search bases. You may be able to use pam_authz_search: the only limitation
> is that the search has to return one or more entries.
Thanks for the prompt reply. We want to give access to two types of
users. All users in the IEOR group should be allowed. 9 users from ME
group also should be allowed, but no one else from ME should be
allowed. So we had
base ou=IEOR,ou=People,dc=iitb,dc=ac,dc=in
base uid=user1,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
base uid=user2,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
base uid=user3,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
...
base uid=user10,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
But the limit of 7 got exceeded. Can we get around this situation
using some trick? involving pam_authz_search for instance?
We were earlier using nss_ldap.conf without this problem (it does not
have this limit) but want to move over to nss-pam-ldapd.
Thanks again for your help.
Ashutosh
--
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/
