On 02/17/2011 09:12 AM, Meghanand Acharekar wrote:
> Hi,
>
> I'm using pam_groupdn for restricting access to some of my servers,
> by defining user groups as follows.
>
> /etc/ldap.conf (Redhat 5.5)
>
> # Group to enforce membership of
> pam_groupdn cn=group1,ou=Group,dc=example,dc=com
>
> # Group member attribute
> pam_member_attribute memberUid
>
> This works only if the pam_member_attribute is in the following format.
>
> memberUid: uid=user1,ou=People,dc=example,dc=com
> memberUid: uid=user2,ou=People,dc=example,dc=com
>
> Simply memberUid: user1 is not working. Is there any way to fix this?

I believe pam_member_attribute will always refer to an attribute
containing users' DNs. Take a look at the RFC2307bis support.

> Second, if a user which does not belong to this group tries to log in
> to the server, access is denied by displaying the following message.
>
> You must be a memberUid of cn=group1,ou=Group,dc=example,dc=com to login.
> Connection closed by x.x.x.x
>
> Is it possible to change this message?

In /etc/pam.d/common-account, for the pam_ldap.so line, use the
following:

account required pam_ldap.so ignore_authinfo_unavail ignore_unknown_user no_warn
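The DN-versus-uid mismatch discussed above, as an added illustration that is not part of the thread and not pam_ldap's own code: the script below models the pam_groupdn check (assumed here to require the user's full DN among the values of pam_member_attribute, which is why bare `memberUid: user1` values never match) alongside the RFC2307 posixGroup reading of memberUid, where the value is the bare login name. The LDIF group entries, the user DN and all function names are constructed for this example.

```python
"""Constructed model of why pam_ldap's pam_groupdn check wants full DNs in the
member attribute, while an RFC2307 posixGroup keeps bare uids in memberUid.
Not pam_ldap's code: the real module asks the directory to compare server-side;
this script only reproduces the outcome for the two attribute layouts."""

# Constructed LDIF entries for the group from the thread (not from a real directory).
GROUP_DN_STYLE = """dn: cn=group1,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: group1
memberUid: uid=user1,ou=People,dc=example,dc=com
memberUid: uid=user2,ou=People,dc=example,dc=com
"""

GROUP_UID_STYLE = """dn: cn=group1,ou=Group,dc=example,dc=com
objectClass: posixGroup
cn: group1
memberUid: user1
memberUid: user2
"""


def parse_ldif_entry(text):
    """Parse one simple LDIF entry into {attr_lowercase: [values]}.
    Handles only plain 'attr: value' lines (no base64 '::' or folded lines)."""
    entry = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith('#'):
            continue
        attr, _, value = line.partition(':')
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry


def normalize_dn(dn):
    """Case-fold and strip whitespace around RDN separators so DN comparison tolerates cosmetic differences."""
    return ','.join(part.strip() for part in dn.split(',')).lower()


def rdn_value(dn, attr='uid'):
    """Return the value of the leading RDN when its attribute type is `attr`, else None."""
    first = dn.split(',')[0]
    rdn_attr, _, value = first.partition('=')
    return value.strip() if rdn_attr.strip().lower() == attr else None


def pam_groupdn_allows(group_entry, member_attr, user_dn):
    """Assumed pam_groupdn semantics: the user's full DN must be a value of member_attr."""
    values = group_entry.get(member_attr.lower(), [])
    return normalize_dn(user_dn) in {normalize_dn(v) for v in values}


def posix_group_allows(group_entry, user_dn):
    """RFC2307 posixGroup semantics: memberUid holds the bare login name (the uid RDN value)."""
    uid = rdn_value(user_dn)
    return uid is not None and uid in group_entry.get('memberuid', [])


def check_both(group_ldif, member_attr, user_dn):
    """Evaluate a user DN against one group entry under both readings of the member attribute."""
    entry = parse_ldif_entry(group_ldif)
    return {
        'pam_groupdn': pam_groupdn_allows(entry, member_attr, user_dn),
        'posixGroup': posix_group_allows(entry, user_dn),
    }


if __name__ == '__main__':
    user = 'uid=user1,ou=People,dc=example,dc=com'
    # DN-style values satisfy pam_groupdn but are not valid posixGroup memberUid values.
    print(check_both(GROUP_DN_STYLE, 'memberUid', user))
    # Bare uid values are correct posixGroup data but never match a full DN in pam_groupdn.
    print(check_both(GROUP_UID_STYLE, 'memberUid', user))
```

Run as-is to see the two layouts evaluated against the same user: the DN-style group passes the pam_groupdn check but is not a well-formed posixGroup, and the uid-style group is the reverse. That is the tension the RFC2307bis suggestion resolves, since a DN-valued member attribute can then be used for the pam_ldap check while memberUid keeps its bare-uid meaning for NSS.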