I found this problem too. I use CentOS 5.2 and openldap-2.3.43-3.el5. How can I configure this issue, please tell me? :-)
O. Hartmann-5 wrote: > > On our FreeBSD 7.2/8.0 driven infrastructure we use OpenLDAP: > > openldap-sasl-client-2.4.16 Open source LDAP client implementation with > SASL2 support > openldap-sasl-server-2.4.16 Open source LDAP server implementation > pam_ldap-1.8.4_1 A pam module for authenticating with LDAP > >>From O'Reilly's OpenLDAP book and other sources I got the information, > that tha tags > > pam_groupdn > pam_member_attribute > > can be used in conjunction with 'uid' to restrict access to a specific > host to those which are member of the group specified by pam_groupdn, as > long as the group object supports > multi-value-attributes like memberUid. > > Well, this is not working with FreeBSD any way! > > Suppose I define in /usr/local/etc/ldap.conf > > pam_groupdn cn=myGroup,ou=groups,dc=foo,dc=bar (objectClass: posixGroup) > pam_member_attribute memberUid > > And within this group there is my memberUid: > > memberUid: ohartmann > > Now I try to login to the specific box and get the warning: > > > You must be a memberUid of cn=myGroup,ou=groups,dc=foo,dc=bar to login. > > ... and I can login, no tmatter whether I'm in the group or not. > > What ist happening here? Why is the documentaion telling me this should > work and why isn't FreeBSD/PAM doing so? > > I'm confused! > > Any help appreciated. > > Oliver > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscr...@freebsd.org" > > -- View this message in context: http://www.nabble.com/pam_groupdn-pam_member_attribute-does-not-with-OpenLDAP-PAM-and-FreeBSD.-Why--tp23224829p23740220.html Sent from the freebsd-questions mailing list archive at Nabble.com. _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
