ldap authorization
Troy Knabe
knabe at 4j.lane.edu
Wed Oct 10 21:39:30 UTC 2007
# Group to enforce membership of
pam_groupdn cn=troy_test,ou=Groups,dc=company,dc=com ## Yes, I replaced
this with my basedn)
# Group member attribute
pam_member_attribute uniquemember
I am the only member of the group, and uniqueMember is the attribute.
-Troy
Esquivel, Vicente wrote:
> For me I only had to make sure that the correct pam_member_attribute was
> set inside the ldap.conf file.
>
> Vince
>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Troy Knabe
>> Sent: Wednesday, October 10, 2007 4:35 PM
>> To: General Red Hat Linux discussion list
>> Subject: RE: ldap authorization
>>
>> So I have done this and restarted nscd and even rebooted, but
>> still everyone with an account can access the server. What I
>> am I missing?
>>
>> -Troy
>>
>>
>> -----Original Message-----
>> From: redhat-list-bounces at redhat.com
>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mups.cp
>> Sent: Wednesday, October 10, 2007 12:40 PM
>> To: General Red Hat Linux discussion list
>> Subject: Re: ldap authorization
>>
>> First create a groupOfUniqueNames objectClass in your ldap
>> and set uniqueMember with the full dn for those users that
>> should be allowed access.
>> In /etc/ldap.conf
>> pam_groupdn cn=unixusers,ou=Groups,dc=domain,dc=com
>> Where unixusers is the group with the groupOfUniqueNames
>> objectClass you defined before.
>>
>>
>> On 10/10/07, Esquivel, Vicente <Esquivelv at uhd.edu> wrote:
>>> I have much interest on how to get pam_groupdn to work
>> because I have
>>> been battling with it for a few days now with not hope in sight.
>>>
>>> Vince
>>>
>>>> -----Original Message-----
>>>> From: redhat-list-bounces at redhat.com
>>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mups.cp
>>>> Sent: Wednesday, October 10, 2007 2:30 PM
>>>> To: General Red Hat Linux discussion list
>>>> Subject: Re: ldap authorization
>>>>
>>>> You coud use the pam_groupdn option.
>>>>
>>>> On 10/10/07, Troy Knabe <knabe at 4j.lane.edu> wrote:
>>>>> I am using Kerberos for authentication and ldap for
>>>> authorization. But I want to limit the ldap users who
>> can login to
>>>> the server to a specific group.
>>>>>
>>>>>
>>>>> Anyone have any perls of wisdom on what needs to be added
>>>> to the ldap.conf???
>>>>>
>>>>>
>>>>> Thanks
>>>>>
>>>>> -Troy
>>>>>
>>>>>
>>>>>
>>>>> --
>>>>> redhat-list mailing list
>>>>> unsubscribe
>>>> mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>>
>>>> --
>>>> redhat-list mailing list
>>>> unsubscribe
>>>> mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>>
>>> --
>>> redhat-list mailing list
>>> unsubscribe
>> mailto:redhat-list-request at redhat.com?subject=unsubscribe
>>> https://www.redhat.com/mailman/listinfo/redhat-list
>>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>> --
>> redhat-list mailing list
>> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
>> https://www.redhat.com/mailman/listinfo/redhat-list
>>
>
More information about the redhat-list
mailing list