[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Limiting finger lookup access on Linux

To: Rex Roof <rex@wccnet.edu>, Howard Chu <hyc@symas.com>, "Brett @Google" <brett.maxfield@gmail.com>, "openldap-technical@openldap.org" <openldap-technical@openldap.org>
Subject: Re: Limiting finger lookup access on Linux
From: Gavin Henry <gavin.henry@gmail.com>
Date: Wed, 16 Sep 2009 06:49:46 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type; bh=jyT+EctUX0Hl9SNIA/sqZi/CIwHvAshtcBWNDmLlV1A=; b=sJD1c/Z9kyACFlo6orcJCkpBG0L6TYPFkusXrLT5UIdeKPVymH6DmS6mr/23TWxdAu ZWjTjQhSwuAGrORd2KjTOhwEdDk+H6qVkccWownWuKBVn7NH2QrDG/DWzOQp1QP7dx9J zwWQbFD1BK0yJe9bMHKF7snCOu8AWok+aMKgE=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; b=bEPSe33JLnQOaKtK4ob68MoH8lD9wcGvKbS7EhynzbkhZqYtTxiB6m5CN63uFhBB+5 YD9YfrLU6l8KA2A2jPHIq3IU6efLVpCqOyKjfma4OCK2We6WOwbNTC9ErqvmUo80XzCx iDgV9nswM5Okzo4S+wPPxHqvmhclYJmpl0Ogc=
In-reply-to: <0A28D328-6768-4FCF-A5DA-43772B2326A2@wccnet.edu>
References: <E73FB1AD-AF59-4C15-8D23-02757FA832D1@wccnet.edu> <e021c7c00909121748m5d002027y1058a72c5c007766@mail.gmail.com> <4AAC4821.7090604@symas.com> <6067F726-33AE-4609-97CE-2A26C1752E2D@wccnet.edu> <4AAFA77C.1050303@symas.com> <0A28D328-6768-4FCF-A5DA-43772B2326A2@wccnet.edu>

See the dynlist overlay: http://www.openldap.org/doc/admin24/overlays.html

On 15/09/2009, Rex Roof <rex@wccnet.edu> wrote:
>
> On Sep 15, 2009, at 10:41 AM, Howard Chu wrote:
>
>> Rex Roof wrote:
>>> Yes, or a configuration for PAM that limits which users it provides
>>> information for.
>>
>> PAM doesn't return user information at all. This is strictly for nss-
>> ldap. You
>> could also add a filter to nss-ldap's config file. Unfortunately the
>> most
>> straightforward filter (memberOf=<the group DN>) won't work with
>> OpenLDAP's
>> memberof overlay. If your group was actually a dynamic group, then
>> you could
>> use the same filter criteria that the dynamic group uses.
>>
>>> -Rex
>
>
>  From what I can tell, nss_ldap and pam_ldap use the same config file
> in centos,  /etc/ldap.conf.  So they both use the same proxy user?
>
> What do you mean by dynamic group?  I'm open to changing to some other
> setup.
>
> -Rex
>
>

-- 
Sent from my mobile device

http://www.suretecsystems.com/services/openldap/
http://www.suretectelecom.com

Follow-Ups:
- Re: Limiting finger lookup access on Linux
  - From: Rex Roof <rex@wccnet.edu>

References:
- Limiting finger lookup access on Linux
  - From: Rex Roof <rex@wccnet.edu>
- Re: Limiting finger lookup access on Linux
  - From: "Brett @Google" <brett.maxfield@gmail.com>
- Re: Limiting finger lookup access on Linux
  - From: Howard Chu <hyc@symas.com>
- Re: Limiting finger lookup access on Linux
  - From: Rex Roof <rex@wccnet.edu>
- Re: Limiting finger lookup access on Linux
  - From: Howard Chu <hyc@symas.com>
- Re: Limiting finger lookup access on Linux
  - From: Rex Roof <rex@wccnet.edu>

Prev by Date: Re: ldapsearch hangs
Next by Date: Re: Windwos 2003 Active Directory CentOS 5.3 OpenLDAP Server Sync
Index(es):
- Chronological
- Thread