pam_groupdn/pam_member_attribute does not with OpenLDAP/PAM and
nok_compx at hotmail.com
Wed May 27 10:59:46 UTC 2009
I found this problem too. I use CentOS 5.2 and openldap-2.3.43-3.el5.
How can I configure this issue, please tell me? :-)
O. Hartmann-5 wrote:
> On our FreeBSD 7.2/8.0 driven infrastructure we use OpenLDAP:
> openldap-sasl-client-2.4.16 Open source LDAP client implementation with
> SASL2 support
> openldap-sasl-server-2.4.16 Open source LDAP server implementation
> pam_ldap-1.8.4_1 A pam module for authenticating with LDAP
> From O'Reilly's OpenLDAP book and other sources I got the information,
> that the tags
> can be used in conjunction with 'uid' to restrict access to a specific
> host to those which are member of the group specified by pam_groupdn, as
> long as the group object supports
> multi-value-attributes like memberUid.
> Well, this is not working with FreeBSD any way!
> Suppose I define in /usr/local/etc/ldap.conf
> pam_groupdn cn=myGroup,ou=groups,dc=foo,dc=bar (objectClass: posixGroup)
> pam_member_attribute memberUid
> And within this group there is my memberUid:
> memberUid: ohartmann
> Now I try to login to the specific box and get the warning:
> You must be a memberUid of cn=myGroup,ou=groups,dc=foo,dc=bar to login.
> ... and I can login, no matter whether I'm in the group or not.
> What is happening here? Why is the documentation telling me this should
> work and why isn't FreeBSD/PAM doing so?
> I'm confused!
> Any help appreciated.
Sent from the freebsd-questions mailing list archive at Nabble.com.
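
Added example, not part of either post and not pam_ldap's own code: pam_ldap applies the pam_groupdn check in the PAM account phase, so the restriction only holds if a denial from pam_ldap in the service's account stack is fatal. The script below classifies a pam.d file on that basis; the sample stacks, module paths and function names are constructed, and only the keyword control flags (required, requisite, binding, sufficient, optional) are handled.

```python
# Added example: does a PAM account stack make pam_ldap's group denial binding?
FATAL = {"required", "requisite", "binding"}   # a failure here denies access
NON_FATAL = {"sufficient", "optional"}         # a failure here is ignored

# Constructed sample stacks (hypothetical pam.d service files).
WEAK = """
# constructed sample
auth     sufficient  /usr/local/lib/pam_ldap.so  no_warn try_first_pass
account  sufficient  /usr/local/lib/pam_ldap.so
account  required    pam_unix.so
"""
BYPASS = """
account  sufficient  pam_unix.so
account  required    /usr/local/lib/pam_ldap.so
"""
HARDENED = """
account  required    /usr/local/lib/pam_ldap.so
account  required    pam_unix.so
"""


def parse_stack(pam_text, facility="account"):
    """Return [(control, module_name)] for one facility, in file order."""
    rules = []
    for raw in pam_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, then tokenize
        if len(fields) < 3 or fields[0].lower() != facility:
            continue
        module = fields[2].rsplit("/", 1)[-1].split(".so")[0]
        rules.append((fields[1].lower(), module))
    return rules


def audit(pam_text, module="pam_ldap"):
    """Classify how the account stack treats a denial returned by `module`."""
    rules = parse_stack(pam_text)
    for index, (control, name) in enumerate(rules):
        if name != module:
            continue
        if control in NON_FATAL:
            return "not-enforced: denial ignored (%s)" % control
        if control in FATAL:
            # An earlier 'sufficient' success ends the stack before this rule.
            earlier = [n for c, n in rules[:index] if c == "sufficient"]
            if earlier:
                return "bypassable: %s can end the stack first" % ", ".join(earlier)
            return "enforced"
        return "unknown control: %s" % control
    return "not-enforced: module absent from account stack"
```

Running `audit()` over the real service file (for example the one used by sshd) shows whether the "You must be a memberUid of ..." denial can actually stop a login.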