Hi,
I believe you can use memberOf=something (for example (memberOf=cn=mygroup,ou=Groups,dc=example,dc=com)) in pam_filter, as you are using AD and it should be able to respond correctly. Alternatively, a recent OpenLDAP server with the memberof overlay enabled would be able to do the same. I have not used memberOf in a query with pam_ldap but have used it through Apache (and other services). If you were to use memberOf you would still be again hardcoding the query you want to make.
Kaj

On Oct 7, 2008, at 18:36, Simon Blunt wrote:

> Hi Kaj,
>
> Thanks for this. Is there a way to make this work with groups, so that I can have a group of webusers, mailusers, etc?
>
> Simon
>
> On Tue, Oct 7, 2008 at 3:19 PM, Kaj Niemi <[EMAIL PROTECTED]> wrote:
>
>> Hi,
>>
>> Try adding "pam_check_host_attr yes" in your /etc/ldap.conf. Your host: blah.example.com in ldap for each entry and system fqdn have to match. See pam_ldap(5) for more info. For example:
>>
>> ssl start_tls
>> tls_cacertdir /etc/openldap/cacerts
>> pam_password md5
>> uri ldap://first/ ldap://second/
>> base dc=example, dc=com
>> pam_filter objectclass=account
>> pam_login_attribute uid
>> pam_check_host_attr yes
>> pam_min_uid 500
>> nss_initgroups_ignoreusers root,ldap,named,avahi,haldaemon
>>
>> HTH :)
>>
>> Kaj
>>
>> On Oct 7, 2008, at 12:44, Simon Blunt wrote:
>>
>>> So a user must have the host:somehostname attribute (or host:*) attribute to login to a given server. This works, but doesn't scale. I must be overlooking something. This final step can't really be missing: can I really not have a host lookup Can anyone nudge me in the right direction?
>>
>> Kaj
>> --
>> Kaj J. Niemi <[EMAIL PROTECTED]> +358 45 63 12000
Kaj
--
Kaj J. Niemi <[EMAIL PROTECTED]> +358 45 63 12000
_______________________________________________ rhelv5-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/rhelv5-list
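
The group-based restriction discussed in this thread, as an added example that is not part of the original messages and is not pam_ldap's code. It assumes the search filter is pam_filter ANDed with pam_login_attribute=login, as pam_ldap(5) describes, and evaluates that filter against constructed entries; the webusers/mailusers group DNs, the entries and all function names are illustrative.

```python
import re

# Constructed sample entries (not from the thread); attribute names lowercased.
DIRECTORY = [
    {"uid": ["simon"], "objectclass": ["account"],
     "memberof": ["cn=webusers,ou=Groups,dc=example,dc=com"]},
    {"uid": ["kaj"], "objectclass": ["account"],
     "memberof": ["cn=mailusers,ou=Groups,dc=example,dc=com"]},
]
# Hypothetical pam_filter value for a web server: account AND member of webusers.
WEB_FILTER = "&(objectclass=account)(memberOf=cn=webusers,ou=Groups,dc=example,dc=com)"

def escape_value(value):
    """RFC 4515 escaping, so a login name cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def build_filter(pam_filter, login_attr, user):
    """Assumed combined search filter: pam_filter AND login_attr=user."""
    return "(&(%s)(%s=%s))" % (pam_filter, login_attr, escape_value(user))

def parse(f, i=0):
    """Parse the filter starting at f[i] == '('; return (node, next_index)."""
    i += 1
    if f[i] in "&|!":
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1
    end = f.index(")", i)
    attr, _, val = f[i:end].partition("=")
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr.lower(), val.lower()), end + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (equality matches only)."""
    if node[0] == "=":
        return node[2] in (v.lower() for v in entry.get(node[1], []))
    hits = [matches(kid, entry) for kid in node[1]]
    if node[0] == "!":
        return not hits[0]
    return all(hits) if node[0] == "&" else any(hits)

def can_login(user, pam_filter, login_attr="uid"):
    """True if some directory entry satisfies the combined filter."""
    node, _ = parse(build_filter(pam_filter, login_attr, user))
    return any(matches(node, entry) for entry in DIRECTORY)
```

With this filter each server carries only its own group DN in pam_filter, instead of every user entry carrying a host attribute per server.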
