RSS feed

pam_authz_search being ignored

[Date Prev][Date Next] [Thread Prev][Thread Next]

pam_authz_search being ignored

Hello Arthur


We are using nss-pam-ldapd v0.9.10


We have two applications running in docker containers that are using the same set of configurations for nslcd.conf and pam.d files.


When one application (Rstudio) uses the nslcd for authentication, the pam_authz_search kicks in.

However, when the other application (shiny) uses the nslcd for authentication the pam_authz_search filter is ignored.


Following is the nslcd configuration we are using.

Could you please help us by pointing us in right direction to troubleshoot this?



uid nslcd

gid ldap

uri ldap://ldap-server:389

base dc=novartis,dc=net

binddn bind_ user



base passwd dc=novartis,dc=net

bind_timelimit 3600

timelimit 3600


nss_initgroups_ignoreusers root,shiny

cache dn2uid 8h

pam_authc_search NONE

pam_authz_search (&(objectClass=group)(|(cn=filter_group_1)(cn=filter_group_2))(member=$dn))


filter passwd (objectClass=posixAccount)

map    passwd homeDirectory "/home/$uid"

map    passwd gecos         displayName

map    passwd loginShell    "/bin/bash"

filter shadow (objectClass=posixAccount)

map    shadow uid uid

map shadow userPassword userPassword





Thanks & Regards


Anirudh Choudary

Providing Services to Novartis Pharma AG