Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
- From: Buchan Milne <bgmilne [at] mandriva.org>
- To: subu <subu.ayyagari [at] gs.com>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
- Date: Tue, 30 Jan 2007 09:03:04 +0200
On Sunday 28 January 2007 07:24, subu wrote:
> Using nss_ldap, but it does not seem to look at attributes.
> Below is a case where users with allowatrib=admin or dev are allowed.
> But getent passwd shows *all* the records in LDAP.
>
> Is there an additional step to enforce restrictions specified by filter?
>
> Eg:
> nss_base_passwd ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)

The documentation for this configuration option shows it should be as follows:

nss_base_<map> <basedn?scope?filter>

So, you're missing a ?:

nss_base_passwd ou=People,dc=gs,dc=com?one?|(allowattrib=admin)(allowatrib=dev)

I have tested:

nss_base_passwd ou=People,dc=ranger,dc=dnsalias,dc=com?one?|(gidNumber=501)(gidNumber=502)

which works correctly.

> getent passwd ( dumps entire directory though )
--
Buchan Milne
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)
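
A lint for the mistake discussed in this message, as an added example that is not part of the original e-mail or of nss_ldap itself: it splits each `nss_base_<map>` value on `?` according to the documented `basedn?scope?filter` form and flags a scope field that is not `base`, `one` or `sub`. The function names and the `SAMPLE` text (built from the lines quoted in this thread) are assumptions of the example.

```python
import re

# Scope keywords accepted in the basedn?scope?filter form.
VALID_SCOPES = {"base", "one", "sub"}
LINE_RE = re.compile(r"^\s*nss_base_(\w+)\s+(.+?)\s*$")


def check_nss_base(line):
    """Parse one nss_base_<map> line; return None if it is not such a line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    map_name, value = m.groups()
    parts = value.split("?")
    basedn = parts[0]
    scope = parts[1] if len(parts) > 1 else None
    filt = parts[2] if len(parts) > 2 else None
    problems = []
    if len(parts) > 3:
        problems.append("more than two '?' separators")
    if scope and scope not in VALID_SCOPES:
        if "(" in scope:
            # Filter text landed in the scope field, so no filter is configured.
            problems.append("filter text in scope field: missing '?' before the filter")
        else:
            problems.append(f"scope {scope!r} is not one of base/one/sub")
    if filt is not None and filt.count("(") != filt.count(")"):
        problems.append("unbalanced parentheses in filter")
    return {"map": map_name, "basedn": basedn, "scope": scope,
            "filter": filt, "problems": problems}


def lint_config(text):
    """Return [(line_number, problems)] for every nss_base_ line with a problem."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        result = check_nss_base(line)
        if result and result["problems"]:
            findings.append((number, result["problems"]))
    return findings


# Constructed sample: the three nss_base_passwd lines quoted in this thread.
SAMPLE = """\
nss_base_passwd ou=People,dc=gs,dc=com?one|(allowattrib=admin)(allowatrib=dev)
nss_base_passwd ou=People,dc=gs,dc=com?one?|(allowattrib=admin)(allowatrib=dev)
nss_base_passwd ou=People,dc=ranger,dc=dnsalias,dc=com?one?|(gidNumber=501)(gidNumber=502)
"""

if __name__ == "__main__":
    for number, problems in lint_config(SAMPLE):
        print(f"line {number}: {'; '.join(problems)}")
```
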