pam_authz_search being ignored

From: "CHOUDARY, ANIRUDH (Ext)" <anirudh.choudary [at] novartis.com>
To: "nss-pam-ldapd-users [at] lists.arthurdejong.org" <nss-pam-ldapd-users [at] lists.arthurdejong.org>
Cc: "Madan Mohan, Amarnath" <amarnath.madan_mohan [at] novartis.com>
Subject: pam_authz_search being ignored
Date: Tue, 29 Oct 2019 16:21:10 +0000

Hello Arthur

We are using nss-pam-ldapd v0.9.10

We have two applications running in docker containers that are using the same set of configurations for nslcd.conf and pam.d files.

When one application (Rstudio) uses the nslcd for authentication, the pam_authz_search kicks in.

However, when the other application (shiny) uses the nslcd for authentication the pam_authz_search filter is ignored.

Following is the nslcd configuration we are using.

Could you please help us by pointing us in right direction to troubleshoot this?

-----------------------------------------------

uid nslcd

gid ldap

uri ldap://ldap-server:389

base dc=novartis,dc=net

binddn bind_ user

bindpw XXXXXXXXX

base passwd dc=novartis,dc=net

bind_timelimit 3600

timelimit 3600

nss_initgroups_ignoreusers root,shiny

cache dn2uid 8h

pam_authc_search NONE

pam_authz_search (&(objectClass=group)(|(cn=filter_group_1)(cn=filter_group_2))(member=$dn))

filter passwd (objectClass=posixAccount)

map passwd homeDirectory "/home/$uid"

map passwd gecos displayName

map passwd loginShell "/bin/bash"

filter shadow (objectClass=posixAccount)

map shadow uid uid

map shadow userPassword userPassword

-----------------------------------------------

Thanks & Regards

Anirudh Choudary

Providing Services to Novartis Pharma AG

e-mail: anirudh.choudary@novartis.com