Disregard my response below. I misread the problem statement. I thought you were trying to filter logins based on an attribute, which is what the subject line said.

Prentice Bisbal wrote:
> Anton Chu wrote:
>> I have a scenario where I want to set up two LDAP groups where one group
>> can access a file on the server while the other one cannot after they
>> log in. Can some PAM tweaks make this happen if not on the ldap side?
>
> Yes. See the man page for pam_ldap:
>
> pam_groupdn <groupdn>
>     Specifies the distinguished name of a group to which a
>     user must belong for logon authorization to succeed.
> pam_member_attribute <attribute>
>     Specifies the attribute to use when testing a user’s
>     membership of a group specified in the pam_groupdn option.
>
> -- Prentice
