lists.arthurdejong.org
RSS feed

Re: Different LDAP parameters for different PAM services

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: Different LDAP parameters for different PAM services



On Sun, 2015-02-01 at 19:21 +0100, Bertrand Bonnefoy-Claudet wrote:
> With original libpam-ldap, I would use the `config` parameter to
> specify a different configuration file [1].  I could not figure out
> how to achieve that with nss-pam-ldap.

Sadly, this is not supported with nss-pam-ldapd because it is modelled
around a single, global user list and authentication configuration for
system accounts.

What you could do is have a certain subset of users being able to log in
using the pam_authz_search option and using $service in the filter
string (see for example the authorizedService example in the nslcd.conf
manual page).

There are also FTP servers that support getting virtual users from LDAP
(I think I've set this up using proftpd in the past).

Kind regards,

-- 
-- arthur - arthur@arthurdejong.org - http://arthurdejong.org/ --
-- 
To unsubscribe send an email to
nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see
http://lists.arthurdejong.org/nss-pam-ldapd-users/