getting group info from openldap
John Beck
jbeck at nasaprs.com
Thu Aug 10 17:53:21 UTC 2006
I've been told this might be a pam_ldap issue. Please let me know what
files/output I'd need to include (if anything is lacking).

We use OpenLDAP 2.3 on Red Hat Enterprise Linux ES release 4 (Nahant
Update 3).

The user's primary group is stored in the gid attribute in their entry,
but additional group memberships are configured by adding a memberUID
with the user's username to the posixGroup entry for the group.

When the user logs in, they authenticate against OpenLDAP correctly,
but the only group information that seems to follow them to the server
is the gid listed in their user entry. Our client servers run RH ES 3 or 4.

I've been fighting this for quite a while now. I've been reading this
list and the archives as well as online docs.

/etc/pam.d/login

#%PAM-1.0
auth required pam_securetty.so
auth required pam_stack.so service=system-auth
auth required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
session optional pam_console.so

/etc/pam.d/passwd

#%PAM-1.0
auth required pam_stack.so service=system-auth
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth

Our clients' ldap.conf

host 172.30.3.X
# The distinguished name of the search base.
base ou=People,dc=ourname,dc=com
sudoers_base ou=People,dc=ourname,dc=com
uri ldap://172.30.3.X/
binddn cn=Manager,dc=ourname,dc=com
bindpw ourtopsecretpassword
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com
# Group member attribute
#pam_member_attribute uniquemember
pam_password md5
ssl no
#end ldap.con

Thank you,
-John B
--
John D. Beck, CCNA, RSA CSA & CSIE, Sys Admin / Security Engineer
Global Science and Technology (GST)
jbeck at nasaprs.com
Phone: 202.479.9030 #427
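
An added example, not part of the original post or of pam_ldap/nss_ldap: a small auditor for the client ldap.conf shown above. On these Red Hat releases nss_ldap reads the same file and is what resolves memberUid group memberships, so the script checks whether the group search base can reach the groups at all, and flags the Manager bind password and the "ssl no" setting. The group container ou=Groups,dc=ourname,dc=com, the finding names and the function names are assumptions made for illustration.

```python
# Added example: audits a pam_ldap/nss_ldap client ldap.conf (not code from the post).
SAMPLE = """\
base ou=People,dc=ourname,dc=com
uri ldap://172.30.3.X/
binddn cn=Manager,dc=ourname,dc=com
bindpw REDACTED
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com
ssl no
"""  # constructed from the post's ldap.conf; password replaced with a placeholder


def parse(text):
    """Return {keyword: value} for active lines; comments and blanks are skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if parts and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return conf


def under(base, dn):
    """True if dn equals base or sits below it (case-insensitive suffix match)."""
    def norm(s):
        return ",".join(p.strip().lower() for p in s.split(","))
    base, dn = norm(base), norm(dn)
    return dn == base or dn.endswith("," + base)


def audit(text, group_container):
    """Return finding ids for the config; group_container is where posixGroups live."""
    conf, findings = parse(text), []
    # nss_ldap searches groups under nss_base_group, else under the global base.
    group_base = conf.get("nss_base_group", conf.get("base", "")).split("?")[0]
    if not under(group_base, group_container):
        findings.append("group-scope")      # groups outside the base are never found
    # ldap.conf is normally world-readable so nss_ldap works for every user,
    # which exposes a bindpw stored in it to every local account.
    if "bindpw" in conf and conf.get("binddn", "").lower().startswith("cn=manager"):
        findings.append("privileged-bind")
    tls = conf.get("ssl", "no").lower() in ("start_tls", "on", "yes", "true")
    if not conf.get("uri", "").lower().startswith("ldaps://") and not tls:
        findings.append("cleartext")        # binds and passwords cross the wire unencrypted
    return findings


if __name__ == "__main__":
    # Assumed group container; the post does not say where its posixGroup entries are.
    print(audit(SAMPLE, "ou=Groups,dc=ourname,dc=com"))
```

A "group-scope" finding matches the symptom in the post: the primary gid still works because it comes from the user's own entry, while the posixGroup entries are outside the search base.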