Fwd: Help required regarding nss-pam-ldap
[Date Prev][Date Next] [Thread Prev][Thread Next]Fwd: Help required regarding nss-pam-ldap
- From: Thejaswi Manjunatha <thejaswimanju [at] gmail.com>
- To: nss-pam-ldapd-users [at] lists.arthurdejong.org, Arthur de Jong <arthur [at] arthurdejong.org>
- Subject: Fwd: Help required regarding nss-pam-ldap
- Date: Tue, 1 Aug 2017 20:35:38 +0530
Hi Arthur,
Did you get a chance to look into this question ? Any updates ??
--
---------- Forwarded message ----------
From: Thejaswi Manjunatha <thejaswimanju [at] gmail.com>
Date: Thu, Jul 27, 2017 at 4:56 PM
Subject: Re: Help required regarding nss-pam-ldap
To: Arthur de Jong <arthur [at] arthurdejong.org>
1) The documentation shows
--
From: Thejaswi Manjunatha <thejaswimanju [at] gmail.com>
Date: Thu, Jul 27, 2017 at 4:56 PM
Subject: Re: Help required regarding nss-pam-ldap
To: Arthur de Jong <arthur [at] arthurdejong.org>
Hi Arthur,
I was testing your fix, when doing here are couple of observations :pam_authc_search
FILTER where it says NONE(No search) and BASE (to force default check) are attributes to be used.
2) Soon after the update of rpm to latest (without adding "pam_authc_search" entry to nslcd.conf) the authentication of those user (without read access for self) also started to work. Question: Is this the default behaviour now, what would it happen if pam_authc_serach is not specified in the nslcd.conf?
3) I added pam_authc_search to nslcd.conf and set the value to BASE again it was same behaviour (I was expecting that it would fail because the user cannot search/read its own record, and the "(objectClass=*)" filter is applied).
Below is the extract of nslcd.conf :
filter passwd (objectclass=user)
#pam_authz_search
pam_authc_search BASE
On Fri, Jun 16, 2017 at 2:53 AM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Wed, 2017-06-14 at 09:27 +0200, Arthur de Jong wrote:
> Currently nslcd performs a search after a BIND operation to the LDAPÂ
> server to validate that the authentication was successful. Some work
> was done on making this configurable but this was not finished yet.
Since this has come up a few times now, I've scraped the various bits
together and pushed some changes to master to make the search
configurable.
The change introduces a pam_authc_search option that you can use to
configure a custom search or you can set it to NONE to disable the
search altogether.
Testing of this is welcome!
--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --
--
Regards
Manjunatha Thejaswi
Regards
Manjunatha Thejaswi
-- To unsubscribe send an email to nss-pam-ldapd-users-unsubscribe@lists.arthurdejong.org or see https://lists.arthurdejong.org/nss-pam-ldapd-users/
- Help required regarding nss-pam-ldap,
Thejaswi Manjunatha
- Re: Help required regarding nss-pam-ldap,
Arthur de Jong
- Re: Help required regarding nss-pam-ldap,
Arthur de Jong
- Message not available
- Fwd: Help required regarding nss-pam-ldap, Thejaswi Manjunatha
- Re: Fwd: Help required regarding nss-pam-ldap, Arthur de Jong
- Fwd: Help required regarding nss-pam-ldap,
Thejaswi Manjunatha
- Re: Fwd: Help required regarding nss-pam-ldap, Arthur de Jong
- Re: Fwd: Help required regarding nss-pam-ldap, Thejaswi Manjunatha
- Message not available
- Re: Help required regarding nss-pam-ldap,
Arthur de Jong
- Re: Help required regarding nss-pam-ldap,
Arthur de Jong
- Prev by Date: pam_ldap module binding incorrectly with Sun LDAP
- Next by Date: Re: Fwd: Help required regarding nss-pam-ldap
- Previous by thread: Re: Help required regarding nss-pam-ldap
- Next by thread: Re: Fwd: Help required regarding nss-pam-ldap