Re: Revisiting Map limit to map base option

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Ashutosh Mahajan <asm4 [at] alum.lehigh.edu>
Cc: nss-pam-ldapd-users [at] lists.arthurdejong.org
Subject: Re: Revisiting Map limit to map base option
Date: Tue, 15 Oct 2013 12:52:51 +0530

> You could give users an extra attribute in the directory and use that to
> determine access. The pam_authz_search option in the manual page has
> some examples of this (host or authorizedService attribute).
>
> The difference between using bas and using pam_authz_search is that all
> users would exist on the system but only users matching pam_authz_search
> can log in.

Thanks for the clarification. We are now using the 'filter' option to
limit access
to the users that we want. It seems to be working well. We have something like

filter passwd (|(!(employeeType=fac))(uid=amahajan)(uid=vkavitha)(uid=...)...)

The rules are different from what I had written earlier, but they do
the required job
(much along the line of your suggestion of adding a new attribute).

Thanks again for your help.
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/

Revisiting Map limit to map base option, Ashutosh Mahajan
- Re: Revisiting Map limit to map base option, Arthur de Jong
  - Re: Revisiting Map limit to map base option, Ashutosh Mahajan
    - Re: Revisiting Map limit to map base option, Arthur de Jong
      - Re: Revisiting Map limit to map base option, Ashutosh Mahajan

Prev by Date: Re: Revisiting Map limit to map base option
Next by Date: Password problem
Previous by thread: Re: Revisiting Map limit to map base option
Next by thread: Password problem