RSS feed

Re: Revisiting Map limit to map base option

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Revisiting Map limit to map base option

On Tue, 2013-10-08 at 18:34 +0530, Ashutosh Mahajan wrote:
> All users in the IEOR group should be allowed. 9 users from ME group
> also should be allowed, but no one else from ME should be allowed. So
> we had
> base ou=IEOR,ou=People,dc=iitb,dc=ac,dc=in
> base uid=user1,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
> base uid=user2,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
> base uid=user3,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
> ...
> base uid=user10,ou=fac,ou=ME,ou=People,dc=iitb,dc=ac,dc=in
> But the limit of 7 got exceeded. Can we get around this situation
> using some trick? involving pam_authz_search for instance?

You could give users an extra attribute in the directory and use that to
determine access. The pam_authz_search option in the manual page has
some examples of this (host or authorizedService attribute).

The difference between using bas and using pam_authz_search is that all
users would exist on the system but only users matching pam_authz_search
can log in.

Kind regards,

-- arthur - - --
To unsubscribe send an email to or see