
List:       pamldap
Subject:    [pamldap] allowing access to only certain hosts - pam_groupdn
From:       "Mickey Everts" <mickey () yipes ! com>
Date:       2000-10-12 4:56:08


I am attempting to allow a user access only to certain hosts, and I'm not
having much luck, i.e. "user1" can log into "somehost" whether they are a
member of the DN or not.  Here is some info on my settings and such....

### snippets from ldap.conf ###

# Group to enforce membership of
pam_groupdn cn=somehost,ou=Machines,ou=Groups,o=yipes.com

# Group member attribute
pam_member_attribute uniquemember

### a few of the ldap server log entries during log in... ###

[11/Oct/2000:21:30:44 -0700] conn=302 op=0 BIND dn="" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=0 RESULT err=0 tag=97 nentries=0
etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=1 SRCH base="o=yipes.com" scope=2
filter="(&(objectclass=posixAccount)(uid=someuser))"
[11/Oct/2000:21:30:44 -0700] conn=302 op=1 RESULT err=0 tag=101 nentries=1
etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=2 BIND
dn="uid=someuser,ou=People,o=yipes.com" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=2 RESULT err=0 tag=97 nentries=0
etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=3 BIND dn="" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=3 RESULT err=0 tag=97 nentries=0
etime=0
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 CMP
dn="cn=somehost,ou=Machines,ou=Groups,o=yipes.com" attr="uniquemember"
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 RESULT err=5 tag=111 nentries=0
etime=0

### Here is an ldif of an entry in the LDAP server, note that "user1" is not
a member of this group. ###

dn: cn=somehost, ou=Machines, ou=Groups, o=yipes.com
cn: somehost
objectclass: top
objectclass: groupofuniquenames
uniquemember: user2
uniquemember: user3

Regards,

Mickey Everts
Unix System Administrator
Yipes Communications, Inc.
http://www.yipes.com/
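
Added example, not part of the original message: a Python parser that pairs the CMP request in the access log above with its RESULT line and decodes the LDAP result code (5 is compareFalse, 6 is compareTrue). Treating the last non-anonymous BIND on the connection as the user being checked is an assumption of this example, since the log does not record the compared value; the function and field names are hypothetical.

```python
import re

# Constructed sample: the relevant access-log entries from the message above,
# with the e-mail line wrapping undone.
SAMPLE_LOG = '''\
[11/Oct/2000:21:30:44 -0700] conn=302 op=2 BIND dn="uid=someuser,ou=People,o=yipes.com" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=3 BIND dn="" method=128 version=3
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 CMP dn="cn=somehost,ou=Machines,ou=Groups,o=yipes.com" attr="uniquemember"
[11/Oct/2000:21:30:44 -0700] conn=302 op=4 RESULT err=5 tag=111 nentries=0 etime=0
'''

# LDAP result codes a compare can return (5 and 6 are the normal answers).
RESULT_CODES = {0: "success", 5: "compareFalse", 6: "compareTrue",
                16: "noSuchAttribute", 32: "noSuchObject"}

LINE_RE = re.compile(r'^\[[^\]]+\] conn=(\d+) op=(\d+) (\w+)\s*(.*)$')
QUOTED_RE = re.compile(r'(\w+)="([^"]*)"')


def group_checks(log_text):
    """Pair every CMP request with its RESULT and decode the result code."""
    last_bind = {}   # conn -> last non-anonymous bind DN (assumed to be the user)
    pending = {}     # (conn, op) -> fields of a CMP still awaiting its RESULT
    checks = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        fields = dict(QUOTED_RE.findall(rest))
        if verb == "BIND" and fields.get("dn"):
            last_bind[conn] = fields["dn"]
        elif verb == "CMP":
            pending[(conn, op)] = fields
        elif verb == "RESULT" and (conn, op) in pending:
            req = pending.pop((conn, op))
            err = int(re.search(r'\berr=(\d+)', rest).group(1))
            checks.append({
                "bound_dn": last_bind.get(conn),
                "group_dn": req.get("dn"),
                "attr": req.get("attr"),
                "outcome": RESULT_CODES.get(err, f"err={err}"),
                "is_member": err == 6,
            })
    return checks


if __name__ == "__main__":
    print(group_checks(SAMPLE_LOG))
```
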
