Filtering with pam_authz_search
- From: Valiere Jean-Christophe <valiere.jean-christophe [at] tpg.ch>
- To: "'nss-pam-ldapd-users [at] lists.arthurdejong.org'" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
- Subject: Filtering with pam_authz_search
- Date: Wed, 4 Jun 2014 16:33:03 +0000
Hi all,
I'm trying to filter users with pam_authz_search.
I have some servers on which some customers have to log in, and some others on
which they don't.
On my Active Directory, I have 3 groups:
cn=Unix Admins
cn=Unix Operator
cn=Consulting
On my servers I have the following configuration:
====
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map passwd uid sAMAccountName
map passwd uidnumber uidNumber
map passwd homedirectory unixHomeDirectory
map passwd loginshell loginShell
map passwd gecos displayName
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))
map shadow uid sAMAccountName
map shadow shadowLastChange pwdLastSet
filter group (objectClass=group)
pam_authz_search (&(objectClass=group)(|(cn=Unix Admins)(cn=Unix Operator))(member=$dn))
===
But when I look up users, I still see members of the group Consulting:
getent passwd
cp.xxx:*:10000:10000:cp.xxx:/home/cp.xxx:/bin/bash
cp.yyy:*:10002:10000:cp.yyy:/home/cp.yyy:/bin/bash
consulting1:*:10007:10002:Consultant1:/home/consulting1:/bin/bash
My Linux servers are running Debian wheezy and nslcd version 0.8.10.
Thanks in advance and best regards.
Jean-Christophe.
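
An added example, not part of the original post and not taken from the nss-pam-ldapd project: pam_authz_search is evaluated only during the PAM authorisation step, while `getent passwd` goes through NSS and returns whatever `filter passwd` matches. The fragment below contrasts the two; the group DNs are placeholders, and filtering on Active Directory's memberOf attribute is an assumption about this directory.

```conf
# /etc/nslcd.conf (fragment) - added illustration, not the poster's file.
# The group DNs below are PLACEHOLDERS; substitute the real DNs from the directory.

# As posted: the NSS filter carries no group restriction, so every AD user
# with POSIX attributes is returned by "getent passwd", including members
# of cn=Consulting.
#filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*))

# Restricting what NSS returns.
# Assumption: user entries carry AD's memberOf attribute holding full group DNs.
# memberOf lists direct memberships only (no nested groups, no primary group).
filter passwd (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(|(memberOf=CN=Unix Admins,OU=PLACEHOLDER,DC=example,DC=com)(memberOf=CN=Unix Operator,OU=PLACEHOLDER,DC=example,DC=com)))
filter shadow (&(objectClass=user)(!(objectClass=computer))(uidNumber=*)(unixHomeDirectory=*)(|(memberOf=CN=Unix Admins,OU=PLACEHOLDER,DC=example,DC=com)(memberOf=CN=Unix Operator,OU=PLACEHOLDER,DC=example,DC=com)))

# Login authorisation, unchanged from the post.
# Evaluated for pam_ldap in the PAM account phase only: access is granted when
# the search returns at least one entry. It has no effect on NSS lookups.
pam_authz_search (&(objectClass=group)(|(cn=Unix Admins)(cn=Unix Operator))(member=$dn))
```

The pam_authz_search check only runs if pam_ldap.so is present in the PAM account stack of the service being used.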