ldap authorization

[Esquivel, Vicente]

What does your pam system-auth look like for the account statements?



> -----Original Message-----
> From: redhat-list-bounces at redhat.com 
> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Troy Knabe
> Sent: Wednesday, October 10, 2007 4:40 PM
> To: General Red Hat Linux discussion list
> Subject: Re: ldap authorization
> 
> # Group to enforce membership of
> pam_groupdn cn=troy_test,ou=Groups,dc=company,dc=com ## Yes, 
> I replaced this with my basedn)
> 
> # Group member attribute
> pam_member_attribute uniquemember
> 
> 
> I am the only member of the group, and uniqueMember is the attribute.
> 
> -Troy
> 
> Esquivel, Vicente wrote:
> > For me I only had to make sure that the correct 
> pam_member_attribute 
> > was set inside the ldap.conf file.
> > 
> > Vince
> > 
> >> -----Original Message-----
> >> From: redhat-list-bounces at redhat.com 
> >> [mailto:redhat-list-bounces at redhat.com] On Behalf Of Troy Knabe
> >> Sent: Wednesday, October 10, 2007 4:35 PM
> >> To: General Red Hat Linux discussion list
> >> Subject: RE: ldap authorization
> >>
> >> So I have done this and restarted nscd and even rebooted, 
> but still 
> >> everyone with an account can access the server.  What I am 
> I missing?
> >>
> >> -Troy
> >>
> >>
> >> -----Original Message-----
> >> From: redhat-list-bounces at redhat.com 
> >> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mups.cp
> >> Sent: Wednesday, October 10, 2007 12:40 PM
> >> To: General Red Hat Linux discussion list
> >> Subject: Re: ldap authorization
> >>
> >> First create a groupOfUniqueNames objectClass in your ldap and set 
> >> uniqueMember with the full dn for those users that should 
> be allowed 
> >> access.
> >> In /etc/ldap.conf
> >> pam_groupdn cn=unixusers,ou=Groups,dc=domain,dc=com
> >> Where unixusers is the group with the groupOfUniqueNames 
> objectClass 
> >> you defined before.
> >>
> >>
> >> On 10/10/07, Esquivel, Vicente <Esquivelv at uhd.edu> wrote:
> >>> I have much interest on how to get pam_groupdn to work
> >> because I have
> >>> been battling with it for a few days now with not hope in sight.
> >>>
> >>> Vince
> >>>
> >>>> -----Original Message-----
> >>>> From: redhat-list-bounces at redhat.com 
> >>>> [mailto:redhat-list-bounces at redhat.com] On Behalf Of mups.cp
> >>>> Sent: Wednesday, October 10, 2007 2:30 PM
> >>>> To: General Red Hat Linux discussion list
> >>>> Subject: Re: ldap authorization
> >>>>
> >>>> You coud use the pam_groupdn option.
> >>>>
> >>>> On 10/10/07, Troy Knabe <knabe at 4j.lane.edu> wrote:
> >>>>> I am using Kerberos for authentication and ldap for
> >>>> authorization.  But I want to limit the ldap users who
> >> can login to
> >>>> the server to a specific group.
> >>>>>
> >>>>>
> >>>>> Anyone have any perls of wisdom on what needs to be added
> >>>> to the ldap.conf???
> >>>>>
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>>> -Troy
> >>>>>
> >>>>>
> >>>>>
> >>>>> --
> >>>>> redhat-list mailing list
> >>>>> unsubscribe
> >>>> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >>>>> https://www.redhat.com/mailman/listinfo/redhat-list
> >>>>>
> >>>> --
> >>>> redhat-list mailing list
> >>>> unsubscribe
> >>>> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >>>> https://www.redhat.com/mailman/listinfo/redhat-list
> >>>>
> >>> --
> >>> redhat-list mailing list
> >>> unsubscribe
> >> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >>> https://www.redhat.com/mailman/listinfo/redhat-list
> >>>
> >> --
> >> redhat-list mailing list
> >> unsubscribe 
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> >> --
> >> redhat-list mailing list
> >> unsubscribe 
> mailto:redhat-list-request at redhat.com?subject=unsubscribe
> >> https://www.redhat.com/mailman/listinfo/redhat-list
> >>
> > 
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>