Fwd: Help required regarding nss-pam-ldap



Hi All,

I was testing your fix; while doing so, here are a couple of observations:

1) The documentation shows pam_authc_search FILTER, where it says NONE (no search) and BASE (to force default check) are attributes to be used.
2) Soon after the update of the rpm to the latest (without adding a "pam_authc_search" entry to nslcd.conf), the authentication of those users (without read access for self) also started to work. Question: Is this the default behaviour now? What would happen if pam_authc_search is not specified in nslcd.conf?
3) I added pam_authc_search to nslcd.conf and set the value to BASE; again it was the same behaviour (I was expecting that it would fail because the user cannot search/read its own record, and the "(objectClass=*)" filter is applied).

Below is the extract of nslcd.conf:

filter passwd (objectclass=user)
#pam_authz_search
pam_authc_search BASE



---------- Forwarded message ----------
From: Thejaswi Manjunatha <thejaswimanju [at] gmail.com>
Date: Tue, Aug 1, 2017 at 8:35 PM
Subject: Fwd: Help required regarding nss-pam-ldap
To: nss-pam-ldapd-users [at] lists.arthurdejong.org, Arthur de Jong <arthur [at] arthurdejong.org>


Hi Arthur,

Did you get a chance to look into this question? Any updates??

---------- Forwarded message ----------
From: Thejaswi Manjunatha <thejaswimanju [at] gmail.com>
Date: Thu, Jul 27, 2017 at 4:56 PM
Subject: Re: Help required regarding nss-pam-ldap
To: Arthur de Jong <arthur [at] arthurdejong.org>


Hi Arthur,

I was testing your fix; while doing so, here are a couple of observations:

1) The documentation shows pam_authc_search FILTER, where it says NONE (no search) and BASE (to force default check) are attributes to be used.
2) Soon after the update of the rpm to the latest (without adding a "pam_authc_search" entry to nslcd.conf), the authentication of those users (without read access for self) also started to work. Question: Is this the default behaviour now? What would happen if pam_authc_search is not specified in nslcd.conf?
3) I added pam_authc_search to nslcd.conf and set the value to BASE; again it was the same behaviour (I was expecting that it would fail because the user cannot search/read its own record, and the "(objectClass=*)" filter is applied).

Below is the extract of nslcd.conf:

filter passwd (objectclass=user)
#pam_authz_search
pam_authc_search BASE



On Fri, Jun 16, 2017 at 2:53 AM, Arthur de Jong <arthur [at] arthurdejong.org> wrote:
On Wed, 2017-06-14 at 09:27 +0200, Arthur de Jong wrote:
> Currently nslcd performs a search after a BIND operation to the LDAP 
> server to validate that the authentication was successful. Some work
> was done on making this configurable but this was not finished yet.

Since this has come up a few times now, I've scraped the various bits
together and pushed some changes to master to make the search
configurable.

The change introduces a pam_authc_search option that you can use to
configure a custom search or you can set it to NONE to disable the
search altogether.

Testing of this is welcome!

--
-- arthur - arthur [at] arthurdejong.org - https://arthurdejong.org/ --



--
Regards

Manjunatha Thejaswi


