List: pam-list
Subject: PAM and LDAP ACL question
From: "John H. Clark, III" <JohnClark () comm2k ! com>
Date: 2002-09-19 16:14:15
I'm having some difficulty configuring my LDAP ACL with pam_ldap and
nss_ldap.
My goal is to allow access to the LDAP directory only to authentication
processes and managers. In other words, I want to prohibit read access to
the world while allowing authentication access and read/write access to
certain manager accounts.
However, any time I try to limit read access, the authentication processes
stop working.
My only ACL at present is in slapd.conf
Access to dn="*.,dc=mysite,dc=com"
by * read
by * auth
and my nsswitch.conf has the following
passwd: ldap files
shadow: ldap files
group: ldap files
As I said, I've tried many different configurations but can't avoid the
* read access permission.
Thanks for any help with this issue.
John
_______________________________________________
Pam-list mailing list
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
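An ACL that does what the post asks for, added here as a constructed example (it is not part of the original message or of the OpenLDAP project). It uses the OpenLDAP 2.1 style `dn.subtree`/`group.exact` selectors and assumes two placeholder entries: a proxy identity cn=nssproxy,dc=mysite,dc=com that nss_ldap binds as, and a manager group cn=managers,ou=groups,dc=mysite,dc=com.

```conf
# slapd.conf fragment (constructed example; DNs below are placeholders).
#
# Why the posted ACL leaks: within one "access to" directive the first
# matching "by" clause wins, so "by * read" grants the anonymous world
# read on the whole tree (userPassword hashes included) and the
# "by * auth" line beneath it is never reached.
#
# access to dn=".*,dc=mysite,dc=com"
#        by * read
#        by * auth

# 1. Password attribute: the owner and managers may change it; every
#    other identity, anonymous included, gets "auth" only, which is
#    enough for a simple bind to verify credentials but not to read
#    the stored hash. This is what pam_ldap needs.
access to attrs=userPassword
        by group.exact="cn=managers,ou=groups,dc=mysite,dc=com" write
        by self write
        by * auth

# 2. Everything else in the tree: managers write, the nss_ldap proxy
#    account reads (so getpwnam/getgrnam keep working without world
#    read), any other authenticated user reads its own data and the
#    anonymous world gets nothing.
access to dn.subtree="dc=mysite,dc=com"
        by group.exact="cn=managers,ou=groups,dc=mysite,dc=com" write
        by dn.exact="cn=nssproxy,dc=mysite,dc=com" read
        by users read
        by * none
```

For rule 2 to help, nss_ldap must stop doing anonymous lookups: set binddn/bindpw (or rootbinddn with the password in /etc/ldap.secret) in its ldap.conf to the proxy identity above, and check with an unauthenticated `ldapsearch -x -b dc=mysite,dc=com` that nothing comes back while a bind as the proxy still returns the passwd entries.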