[prev in list] [next in list] [prev in thread] [next in thread]
List: pamldap
Subject: Re: [pamldap] pam_groupdn and the pam stack
From: Brian Nelson <bnelson () cis ! ysu ! edu>
Date: 2001-08-08 21:32:21
[Download RAW message or body]
>
>However, when a non-group member logs in I get the message:
>"You must be a uniquemember of cn=admin,ou=Group,o=profitlogic to login."
>but the user can still login. I *know* pam_unix isn't doing the
>authentication, but I can't seem to get it work. (changing the ordering, or
>making both modules required results in undesirable behavior...)
>
If you're getting this message, than the groupdn checks _are_ working right. The
account stuff will only be enforced though, if all account modules are required.
Setting pam_ldap to sufficient defeats the security checks (account pam_unix
will always return success for ladp accounts in my expierence).
What 'undesirable behaviour' are you getting when doing this?
Also, make sure your pal_ldap is fairly current. This was only fixed in about
v117 or so.
Hope that helps.
-Brian
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic