ldap authorization

Troy Knabe knabe at 4j.lane.edu
Wed Oct 10 21:39:30 UTC 2007


# Group to enforce membership of
pam_groupdn cn=troy_test,ou=Groups,dc=company,dc=com ## (Yes, I replaced this with my basedn)

# Group member attribute
pam_member_attribute uniquemember


I am the only member of the group, and uniqueMember is the attribute.

-Troy

Esquivel, Vicente wrote:
> For me I only had to make sure that the correct pam_member_attribute was
> set inside the ldap.conf file.
> 
> Vince
> 
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com 
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Troy Knabe
>> Sent: Wednesday, October 10, 2007 4:35 PM
>> To: General Red Hat Linux discussion list
>> Subject: RE: ldap authorization
>>
>> So I have done this and restarted nscd and even rebooted, but 
>> still everyone with an account can access the server.  What 
>> am I missing?
>>
>> -Troy
>>
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com 
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mups.cp
>> Sent: Wednesday, October 10, 2007 12:40 PM
>> To: General Red Hat Linux discussion list
>> Subject: Re: ldap authorization
>>
>> First create a groupOfUniqueNames objectClass in your ldap 
>> and set uniqueMember with the full dn for those users that 
>> should be allowed access.
>> In /etc/ldap.conf
>> pam_groupdn cn=unixusers,ou=Groups,dc=domain,dc=com
>> Where unixusers is the group with the groupOfUniqueNames 
>> objectClass you defined before.
>>
>>
>> On 10/10/07, Esquivel, Vicente <Esquivelv at uhd.edu> wrote:
>>> I have much interest in how to get pam_groupdn to work because I have
>>> been battling with it for a few days now with no hope in sight.
>>>
>>> Vince
>>>
>>>> -----Original Message-----
>>>> From: redhat-list-bounces at redhat.com 
>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mups.cp
>>>> Sent: Wednesday, October 10, 2007 2:30 PM
>>>> To: General Red Hat Linux discussion list
>>>> Subject: Re: ldap authorization
>>>>
>>>> You could use the pam_groupdn option.
>>>>
>>>> On 10/10/07, Troy Knabe <knabe at 4j.lane.edu> wrote:
>>>>> I am using Kerberos for authentication and ldap for authorization.
>>>>> But I want to limit the ldap users who can login to the server to a
>>>>> specific group.
>>>>>
>>>>>
>>>>> Anyone have any pearls of wisdom on what needs to be added to the
>>>>> ldap.conf???
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> -Troy
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> redhat-list mailing list
>>>>> unsubscribe
>>>> mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>>
> 
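
An offline illustration of the two settings discussed in this thread, added here and not part of any poster's message or of pam_ldap's own code: it reads `pam_groupdn` and `pam_member_attribute` from a config fragment and checks whether a user's full DN is listed in the group entry. The config text, the LDIF, the users alice and bob and all function names are constructed for the example, and DN comparison is simplified (no escaped commas).

```python
# Constructed /etc/ldap.conf fragment using the two directives from the thread.
LDAP_CONF = """\
pam_groupdn cn=unixusers,ou=Groups,dc=domain,dc=com
pam_member_attribute uniquemember
"""

# Constructed LDIF group entry; alice and bob are placeholder users.
GROUP_LDIF = """\
dn: cn=unixusers,ou=Groups,dc=domain,dc=com
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,ou=People,dc=domain,dc=com
uniqueMember: bob
"""

def parse_conf(text):
    """Return {directive: value} for non-comment lines (directive lower-cased)."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def parse_entry(ldif):
    """Parse one unwrapped LDIF entry into {attribute_lower: [values]}."""
    entry = {}
    for line in ldif.splitlines():
        attr, sep, value = line.partition(": ")
        if sep:
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    """Simplified DN comparison form: lower-case, spaces around ',' and '=' dropped.
    Assumption: no escaped commas in the DNs being compared."""
    rdns = (rdn.split("=", 1) for rdn in dn.lower().split(","))
    return ",".join("=".join(part.strip() for part in rdn) for rdn in rdns)

def is_member(user_dn, conf, entry):
    """True if user_dn is listed under the configured member attribute of pam_groupdn."""
    if norm_dn(entry["dn"][0]) != norm_dn(conf["pam_groupdn"]):
        return False  # the entry is not the group named in ldap.conf
    attr = conf["pam_member_attribute"].lower()  # attribute names are case-insensitive
    return norm_dn(user_dn) in {norm_dn(v) for v in entry.get(attr, [])}

if __name__ == "__main__":
    conf, entry = parse_conf(LDAP_CONF), parse_entry(GROUP_LDIF)
    for dn in ("uid=alice,ou=People,dc=domain,dc=com", "uid=bob,ou=People,dc=domain,dc=com"):
        print(dn, "->", "allowed" if is_member(dn, conf, entry) else "denied")
```

In the sample data bob is denied because his `uniqueMember` value is a bare name rather than a full DN, and pointing `pam_member_attribute` at an attribute the group entry does not carry denies everyone.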



