[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: User restriction

To: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>
Subject: Re: User restriction
From: Aaron Richton <richton@nbcs.rutgers.edu>
Date: Fri, 4 Jun 2010 08:27:38 -0400 (EDT)
Cc: openldap-technical@openldap.org
In-reply-to: <BAY119-W36E0F14D5120AB96099EF2A3D20@phx.gbl>
References: <BAY119-W36E0F14D5120AB96099EF2A3D20@phx.gbl>
User-agent: Alpine 2.00 (SOC 1167 2008-08-23)

On Fri, 4 Jun 2010, Stuart Cherrington wrote:

nss_base_passwd         ou=people,dc=ldn,dc=sw,dc=com?sub?ismemberof=cn=access,ou=auth,dc=ldn,dc=sw,dc=com

This ensures that only users within the CN 'access' can login to the servers.

For a group, perhaps you should be using "pam_groupdn" directive insteadof that filter? (Test your setup with OpenLDAP's ldapcompare(1).)

References:
- User restriction
  - From: Stuart Cherrington <stuart_cherrington@hotmail.co.uk>

Prev by Date: Re: OpenLDAP configuration for ldap-group authentication on Apache2.x
Next by Date: Re: Write through an LDAP Proxy?
Index(es):
- Chronological
- Thread