
RE: pam_groupdn login restriction



> /etc/ldap.conf:
> uri ldaps://ldap.mydomain.com
> base dc=mydomain,dc=com
> binddn cn=user,ou=People,dc=mydomain,dc=com
> bindpw password
> bind_policy soft
> pam_password md5
> pam_login_attribute userID
> pam_groupdn cn=login,ou=Groups,dc=mydomain,dc=com
> pam_member_attribute member
> pam_lookup_policy yes
> tls_checkpeer no
> ssl on
>
> LDAP login group:
> dn: cn=login,ou=Group,dc=mydomain,dc=com
> objectClass: top
> objectClass: posixGroup
> cn: login
> description: login group
> gidNumber: 100
> memberUid: user1
> memberUid: user2
>
The pam_member_attribute must match the LDAP 'attribute' used in the LDAP login groups; memberUid in your case (not member). Simple mistake?
 
Joe 
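
A consistency check for the point made in the reply above, as an added example that is not part of the original message or of pam_ldap: it confirms that pam_member_attribute names an attribute the group entry actually carries, and goes one step further by comparing pam_groupdn with the entry's dn (ou=Groups versus ou=Group in the quoted text). The function names are hypothetical and the sample inputs are constructed from the quoted configuration and group entry.

```python
# Constructed inputs: the relevant lines from the quoted ldap.conf and group entry.
LDAP_CONF = """\
pam_groupdn cn=login,ou=Groups,dc=mydomain,dc=com
pam_member_attribute member
"""
GROUP_LDIF = """\
dn: cn=login,ou=Group,dc=mydomain,dc=com
objectClass: posixGroup
cn: login
memberUid: user1
memberUid: user2
"""

def parse_conf(text):
    """Return {keyword: value} from 'keyword value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            conf[parts[0].lower()] = parts[1].strip()
    return conf

def parse_ldif_entry(text):
    """Return {attribute: [values]} for one unfolded, non-base64 LDIF entry."""
    entry = {}
    for line in text.splitlines():
        if ": " in line and not line.startswith("#"):
            attr, value = line.split(": ", 1)
            entry.setdefault(attr.lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    # Simplified comparison: case-folds and trims each RDN; escaped commas are not handled.
    return ",".join(part.strip().lower() for part in dn.split(","))

def check(conf_text, ldif_text):
    """Return a list of mismatches between the PAM settings and the group entry."""
    conf, entry = parse_conf(conf_text), parse_ldif_entry(ldif_text)
    problems = []
    attr = conf.get("pam_member_attribute", "")
    if attr.lower() not in entry:
        present = sorted(a for a in entry if "member" in a)
        problems.append(f"pam_member_attribute '{attr}' is not in the group entry (entry has: {present})")
    group_dn, entry_dn = conf.get("pam_groupdn", ""), entry.get("dn", [""])[0]
    if norm_dn(group_dn) != norm_dn(entry_dn):
        problems.append(f"pam_groupdn '{group_dn}' does not match entry dn '{entry_dn}'")
    return problems

if __name__ == "__main__":
    for problem in check(LDAP_CONF, GROUP_LDIF):
        print("MISMATCH:", problem)
```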