On Thu, 11 Oct 2007, Jorge Delacruz wrote: > Anyone ever hear of such a module or means that will reject logins if > a user is not in the right group? The users are authenticated against > LDAP, not local files. This is an access control (authorization) issue, > not an authentication issue.
If you are using ssh server for logins, have a look at OpenSSH's DenyGroups and AllowGroups configurations. OpenSSH uses getpwnam(3) to get the details for the user to-be logged in. So use nsswitch to use ldap for group (and other databases). Also setup PAM to use pam_ldap.so also. Jeremy C. Reed --------------------------------------------------- PLUG-discuss mailing list - [email protected] To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
