pam_groupdn/pam_member_attribute does not with OpenLDAP/PAM and
FreeBSD. Why?
nok_compx
nok_compx at hotmail.com
Wed May 27 10:59:46 UTC 2009
I found this problem too. I use CentOS 5.2 and openldap-2.3.43-3.el5.
How can I configure this issue, please tell me? :-)
O. Hartmann-5 wrote:
>
> On our FreeBSD 7.2/8.0 driven infrastructure we use OpenLDAP:
>
> openldap-sasl-client-2.4.16 Open source LDAP client implementation with
> SASL2 support
> openldap-sasl-server-2.4.16 Open source LDAP server implementation
> pam_ldap-1.8.4_1 A pam module for authenticating with LDAP
>
> From O'Reilly's OpenLDAP book and other sources I got the information
> that the tags
>
> pam_groupdn
> pam_member_attribute
>
> can be used in conjunction with 'uid' to restrict access to a specific
> host to those who are members of the group specified by pam_groupdn, as
> long as the group object supports
> multi-value-attributes like memberUid.
>
> Well, this is not working with FreeBSD any way!
>
> Suppose I define in /usr/local/etc/ldap.conf
>
> pam_groupdn cn=myGroup,ou=groups,dc=foo,dc=bar (objectClass: posixGroup)
> pam_member_attribute memberUid
>
> And within this group there is my memberUid:
>
> memberUid: ohartmann
>
> Now I try to login to the specific box and get the warning:
>
>
> You must be a memberUid of cn=myGroup,ou=groups,dc=foo,dc=bar to login.
>
> ... and I can login, no matter whether I'm in the group or not.
>
> What is happening here? Why is the documentation telling me this should
> work and why isn't FreeBSD/PAM doing so?
>
> I'm confused!
>
> Any help appreciated.
>
> Oliver
--
View this message in context: http://www.nabble.com/pam_groupdn-pam_member_attribute-does-not-with-OpenLDAP-PAM-and-FreeBSD.-Why--tp23224829p23740220.html
Sent from the freebsd-questions mailing list archive at Nabble.com.