On Thu, Feb 17, 2011 at 4:44 PM, Hugo Monteiro <[email protected]> wrote:

> On 02/17/2011 09:12 AM, Meghanand Acharekar wrote:
>
> > Hi,
> >
> > I'm using pam_groupdn for restricting access to some of my servers,
> > by defining user groups as follows.
> >
> > /etc/ldap.conf (Redhat 5.5)
> > # Group to enforce membership of
> > pam_groupdn cn=group1,ou=Group,dc=example,dc=com
> > # Group member attribute
> > pam_member_attribute memberUid
> >
> > This works only if the pam_member_attribute is in the following format.
> >
> > memberUid: uid=user1,ou=People,dc=example,dc=com
> > memberUid: uid=user2,ou=People,dc=example,dc=com
> >
> > Simply memberUid: user1 is not working. Is there any way to fix this?
>
> I believe pam_member_attribute will always refer to an attribute containing
> users' DNs. Take a look at the RFC2307bis support.
>
> > Second, if a user who does not belong to this group tries to log in to
> > the server, access is denied by displaying the following message.
> >
> > You must be a memberUid of cn=group1,ou=Group,dc=example,dc=com to login.
> > Connection closed by x.x.x.x
> >
> > Is it possible to change this message?
>
> In /etc/pam.d/common-account, for the pam_ldap.so line, use the following:
>
> account required pam_ldap.so ignore_authinfo_unavail ignore_unknown_user no_warn

Thanks, it's working as I expected.

> Regards,
>
> Hugo Monteiro.
>
> --
> fct.unl.pt:~# cat .signature
>
> Hugo Monteiro
> Email : [email protected]
> Telefone : +351 212948300 Ext.15307
> Web : http://hmonteiro.net
>
> Divisão de Informática
> Faculdade de Ciências e Tecnologia da
> Universidade Nova de Lisboa
> Quinta da Torre 2829-516 Caparica Portugal
> Telefone: +351 212948596 Fax: +351 212948548
> www.fct.unl.pt
> [email protected]
>
> fct.unl.pt:~# _

Thanks,
Meghanand
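An added example, not part of the thread and not pam_ldap code: a small Python check that reads the `pam_groupdn` / `pam_member_attribute` settings quoted above and separates a group entry's member values into full DNs and bare user names, the form the original poster reports as not working. The sample config and LDIF are constructed, the function names are hypothetical, and the DN test is a simple heuristic.

```python
import re

# Constructed sample inputs, modelled on the settings quoted in the thread.
LDAP_CONF = """\
# Group to enforce membership of
pam_groupdn cn=group1,ou=Group,dc=example,dc=com
# Group member attribute
pam_member_attribute memberUid
"""
GROUP_LDIF = """\
dn: cn=group1,ou=Group,dc=example,dc=com
cn: group1
memberUid: uid=user1,ou=People,dc=example,dc=com
memberUid: user2
"""

# Heuristic only: two or more comma-separated attr=value components.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,]+(,[A-Za-z][\w-]*=[^,]+)+$")

def parse_ldap_conf(text):
    """Return {keyword: value} for the non-comment lines of an ldap.conf."""
    conf = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def ldif_values(ldif, attr):
    """Values of attr in one LDIF entry (assumes no folding or base64)."""
    values = []
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == attr.lower():
            values.append(value.strip())
    return values

def audit_group(conf_text, group_ldif):
    """Split the group's member values into DN-style and bare names."""
    conf = parse_ldap_conf(conf_text)
    attr = conf["pam_member_attribute"]
    if ldif_values(group_ldif, "dn") != [conf["pam_groupdn"]]:
        raise ValueError("LDIF entry is not the configured pam_groupdn")
    values = ldif_values(group_ldif, attr)
    return {"attribute": attr,
            "dn_values": [v for v in values if DN_RE.match(v)],
            "bare_values": [v for v in values if not DN_RE.match(v)]}

if __name__ == "__main__":
    print(audit_group(LDAP_CONF, GROUP_LDIF))
```

Any name listed under `bare_values` is a member entry in the form the thread reports as failing the group check, so those users would be denied login until the value is stored as a DN.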
