Re: Limiting finger lookup access on Linux
See the dynlist overlay: http://www.openldap.org/doc/admin24/overlays.html
On 15/09/2009, Rex Roof <rex@wccnet.edu> wrote:
>
> On Sep 15, 2009, at 10:41 AM, Howard Chu wrote:
>
>> Rex Roof wrote:
>>> Yes, or a configuration for PAM that limits which users it provides
>>> information for.
>>
>> PAM doesn't return user information at all. This is strictly for nss-ldap. You
>> could also add a filter to nss-ldap's config file. Unfortunately the most
>> straightforward filter (memberOf=<the group DN>) won't work with OpenLDAP's
>> memberof overlay. If your group was actually a dynamic group, then you could
>> use the same filter criteria that the dynamic group uses.
>>
>>> -Rex
>
>
> From what I can tell, nss_ldap and pam_ldap use the same config file
> in CentOS, /etc/ldap.conf. So they both use the same proxy user?
>
> What do you mean by dynamic group? I'm open to changing to some other
> setup.
>
> -Rex
>
>
--
Sent from my mobile device
http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com
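
The suggestion in the thread, reusing a dynamic group's filter criteria in nss-ldap's configuration, as an added example that is not part of the original messages. It assumes the dynamic group keeps its criteria as an LDAP URL in `memberURL` and that the target is an `nss_base_passwd base?scope?filter` line in /etc/ldap.conf; the DN, filter and function names are constructed for illustration.

```python
# Added example: turn a dynamic group's memberURL into an nss_ldap search line.
from urllib.parse import unquote

VALID_SCOPES = {"base", "one", "sub"}  # scope keywords from RFC 4516


def parse_member_url(url):
    """Split an RFC 4516 LDAP URL into (base_dn, scope, filter)."""
    scheme, sep, rest = url.partition("://")
    if not sep or scheme.lower() not in ("ldap", "ldaps"):
        raise ValueError("not an LDAP URL: %r" % url)
    _hostport, _slash, tail = rest.partition("/")
    # Fields are dn?attributes?scope?filter?extensions; split on the literal
    # '?' first, then percent-decode each field.
    fields = tail.split("?")
    fields += [""] * (4 - len(fields))
    dn, _attrs, scope, flt = (unquote(f) for f in fields[:4])
    scope = scope.lower() or "base"  # RFC 4516 default scope
    if scope not in VALID_SCOPES:
        raise ValueError("unknown scope: %r" % scope)
    if not dn:
        raise ValueError("memberURL has no base DN")
    return dn, scope, flt or "(objectClass=*)"  # RFC 4516 default filter


def nss_base_passwd(member_url):
    """Build the 'nss_base_passwd base?scope?filter' line for /etc/ldap.conf."""
    dn, scope, flt = parse_member_url(member_url)
    # A decoded '?' would be ambiguous in the base?scope?filter form, so this
    # example refuses it instead of guessing how it would be read.
    if "?" in dn or "?" in flt:
        raise ValueError("'?' in DN or filter cannot be expressed safely")
    return "nss_base_passwd %s?%s?%s" % (dn, scope, flt)


# Constructed sample: the memberURL of a hypothetical dynamic group.
SAMPLE_MEMBER_URL = (
    "ldap:///ou=People,dc=example,dc=com??one?"
    "(&(objectClass=posixAccount)(host=shell1))"
)

if __name__ == "__main__":
    print(nss_base_passwd(SAMPLE_MEMBER_URL))
```

Generating the line from the group's own `memberURL` keeps the accounts nss-ldap will resolve aligned with the group definition instead of maintaining a second hand-written filter.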