On 17/06/2010, at 10:34 PM, Aaron Richton wrote:
On Thu, 17 Jun 2010, Indexer wrote:
membership logins a notice appears that says "You must be a memberUid
of cn=login,ou=Nemo,ou=Group,dc=chocolate,dc=lan to login.", but the
user is still able to continue and login, and it is not enforcing the
group
[...]
account optional /usr/local/lib/pam_ldap.so
Of course they're able to continue; that check is optional in a stack
that contains other results. See pam.conf(5) man page.
Yes, i have been told that this is the case, and im not to concerned
about it right now. What concerns me more, is that Groups aren't being
enforced the way i would like them to be. Has anyone got a working
configuration or hints? google was not especially helpful, as its a hard
problem to "quantify".