[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Pam_ldap group access

To: Indexer <indexer@internode.on.net>, openldap-technical@openldap.org
Subject: Re: Pam_ldap group access
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Thu, 17 Jun 2010 10:15:06 +0200
In-reply-to: <0A5BB2F9-E68A-433E-89EC-43A22722A60B@internode.on.net>
References: <0A5BB2F9-E68A-433E-89EC-43A22722A60B@internode.on.net>
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100614 Mandriva/3.0.4-11mdv2010.1 (2010.1) Thunderbird/3.0.4

Le 17/06/2010 04:05, Indexer a écrit :

but when a user without the membership logins a notice appears that says "You must be a memberUid of cn=login,ou=Nemo,ou=Group,dc=chocolate,dc=lan to login.", but the user is still able to continue and login, and it is not enforcing the group membership.

It's purely a pam issue, and not an ldap one.

[..]

account         required        pam_nologin.so
account         required        pam_login_access.so
account         optional        pam_unix.so
account         optional        /usr/local/lib/pam_ldap.so

It's a bit useless to have an 'optional' pam permission module...

--
BOFH excuse #390:

Increased sunspot activity.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

References:
- Pam_ldap group access
  - From: Indexer <indexer@internode.on.net>

Prev by Date: Re: LDAP clients
Next by Date: Re: Q: status of component matching?
Index(es):
- Chronological
- Thread