List: pamldap
Subject: [pamldap] allowing access to only certain hosts - pam_groupdn
From: "Mickey Everts" <mickey () yipes ! com>
Date: 2000-10-12 4:56:08
I am attempting to allow a user access only to certain hosts, and I'm not
having much luck, i.e. "user1" can log into "somehost" whether they are a
member of the DN or not. Here is some info on my settings and such....
### snippets from ldap.conf ###
# Group to enforce membership of
pam_groupdn cn=somehost,ou=Machines,ou=Groups,o=yipes.com
# Group member attribute
pam_member_attribute uniquemember
### a few of the ldap server log entries during log in... ###
[11/Oct/2000:21:30:44 -0700] conn=302 op=0 BIND dn="" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=0 RESULT err=0 tag=97 nentries=0 etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=1 SRCH base="o=yipes.com" scope=2 filter="(&(objectclass=posixAccount)(uid=someuser))"
[11/Oct/2000:21:30:44 -0700] conn=302 op=1 RESULT err=0 tag=101 nentries=1 etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=2 BIND dn="uid=someuser,ou=People,o=yipes.com" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=2 RESULT err=0 tag=97 nentries=0 etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=3 BIND dn="" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=3 RESULT err=0 tag=97 nentries=0 etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 CMP dn="cn=somehost,ou=Machines,ou=Groups,o=yipes.com" attr="uniquemember"
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 RESULT err=5 tag=111 nentries=0 etime=0
### Here is an ldif of an entry in the LDAP server, note that "user1" is not
a member of this group. ###
dn: cn=somehost, ou=Machines, ou=Groups, o=yipes.com
cn: somehost
objectclass: top
objectclass: groupofuniquenames
uniquemember: user2
uniquemember: user3
Regards,
Mickey Everts
Unix System Administrator
Yipes Communications, Inc.
http://www.yipes.com/
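
An added example, not part of the original post: a small parser for access-log lines in the format shown above that pairs each CMP with its RESULT and records which identity the connection was bound as when the compare ran. The function names are hypothetical, the sample is the post's own log lines with wrapped lines rejoined, and the result-code names are the standard LDAP ones (5 = compareFalse, 6 = compareTrue).

```python
import re

# Sample input: the BIND/CMP exchange from the post, wrapped lines rejoined.
SAMPLE_LOG = """\
[11/Oct/2000:21:30:44 -0700] conn=302 op=2 BIND dn="uid=someuser,ou=People,o=yipes.com" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=2 RESULT err=0 tag=97 nentries=0 etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=3 BIND dn="" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=3 RESULT err=0 tag=97 nentries=0 etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 CMP dn="cn=somehost,ou=Machines,ou=Groups,o=yipes.com" attr="uniquemember"
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 RESULT err=5 tag=111 nentries=0 etime=0
"""

# LDAP result codes that matter for a compare operation (RFC 4511).
VERDICTS = {5: "compareFalse", 6: "compareTrue", 16: "noSuchAttribute",
            32: "noSuchObject", 50: "insufficientAccessRights"}
LINE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) (\w+)\s*(.*)$')
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_fields(rest):
    """Turn 'dn="..." attr="x" err=5' into a dict, stripping quotes."""
    return {k: (q if v.startswith('"') else v) for k, v, q in FIELD.findall(rest)}

def compare_verdicts(log_text):
    """Pair each CMP with its RESULT and note the bind identity in effect."""
    bound = {}     # conn -> DN of last successful BIND ("" means anonymous)
    pending = {}   # (conn, op) -> (verb, fields) awaiting a RESULT line
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        fields = parse_fields(rest)
        if verb in ("BIND", "CMP"):
            pending[(conn, op)] = (verb, fields)
        elif verb == "RESULT" and (conn, op) in pending:
            req_verb, req = pending.pop((conn, op))
            err = int(fields["err"])
            if req_verb == "BIND" and err == 0:
                bound[conn] = req["dn"]
            elif req_verb == "CMP":
                findings.append({
                    "conn": conn, "group": req["dn"], "attr": req["attr"],
                    "bound_as": bound.get(conn, "") or "anonymous",
                    "verdict": VERDICTS.get(err, "err=%d" % err),
                })
    return findings
```

Run over the lines from the post, it reports one compare against the group entry, issued after the connection re-bound anonymously, with the verdict compareFalse.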