Re: [nssldap] Using nss_base filters
[
Date Prev][
Date Next]
[
Thread Prev][
Thread Next]
Re: [nssldap] Using nss_base filters
- From: "Douglas E. Engert" <deengert [at] anl.gov>
- To: Ken Kleiner <ken [at] cs.uml.edu>
- Cc: nssldap [at] padl.com
- Subject: Re: [nssldap] Using nss_base filters
- Date: Fri, 16 Apr 2010 14:29:00 -0500
Ken Kleiner wrote:
Hi, I have set up a ldap posix group and have put members into it by including
their username in memberuid fields. This works fine from a group perspective.
What I'm trying to do is to configure one of our systems using nss_ldap and pam
with ldap auth so that only users in that group can be looked up (with id,
getent passwd, etc). Then I'd like to authenticate them if so, so I think I can
use pamgroup_dn for that.
Have you looked at using netgroups with the /etc/passwd?
You can add something like this to the end of the /etc/passwrd file:
+@group-of-users
Which can then control access to this system based on the netgroup.
Is that what I use nss_base_passwd for? I can't figure out the syntax.
Trying
nss_base_passwd ou=People,dc=my,dc=domain?one?gidNumber=12345
doesn't work as expected - that only lists users whose primary group id is
12345, not those who are IN group 12345.
Any help is appreciated. Thanks.
Ken Kleiner
System Manager
University of Massachusetts Lowell
Computer Science Department
978 934 3645
--
Douglas E. Engert <DEEngert@anl.gov>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444