lists.arthurdejong.org
RSS feed

Re: [nssldap] Using nss_base filters

[Date Prev][Date Next] [Thread Prev][Thread Next]

Re: [nssldap] Using nss_base filters





Ken Kleiner wrote:
Hi,  I have set up a ldap posix group and have put members into it by including 
their username in memberuid fields.  This works fine from a group perspective.

What I'm trying to do is to configure one of our systems using nss_ldap and pam 
with ldap auth so that only users in that group can be looked up (with id, 
getent passwd, etc).  Then I'd like to authenticate them if so, so I think I can
use pamgroup_dn for that.

Have you looked at using netgroups with the /etc/passwd?
You can add something like this to the end of the /etc/passwrd file:
+@group-of-users
Which can then control access to this system based on the netgroup.



Is that what I use nss_base_passwd for? I can't figure out the syntax.
Trying

nss_base_passwd  ou=People,dc=my,dc=domain?one?gidNumber=12345

doesn't work as expected  - that only lists users whose primary group id is 
12345, not those who are IN group 12345.

Any help is appreciated.  Thanks.

Ken Kleiner
System Manager
University of Massachusetts Lowell
Computer Science Department
978 934 3645







--

 Douglas E. Engert  <DEEngert@anl.gov>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444