lists.arthurdejong.org
RSS feed

Re: Revisiting Map limit to map base option

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Revisiting Map limit to map base option



> You could give users an extra attribute in the directory and use that to
> determine access. The pam_authz_search option in the manual page has
> some examples of this (host or authorizedService attribute).
>
> The difference between using bas and using pam_authz_search is that all
> users would exist on the system but only users matching pam_authz_search
> can log in.

Thanks for the clarification. We are now using the 'filter' option to
limit access
to the users that we want. It seems to be working well. We have something like

filter passwd (|(!(employeeType=fac))(uid=amahajan)(uid=vkavitha)(uid=...)...)

The rules are different from what I had written earlier, but they do
the required job
(much along the line of your suggestion of adding a new attribute).

Thanks again for your help.
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/