List: proftpd-users
Subject: [Proftpd-user] proftpd:mod_ldap:LDAPDoGIDLookups howto?
From: Ken Johanson <proftpd () onnet ! cc>
Date: 2007-01-31 22:31:08
Message-ID: 45C118AC.1090304 () onnet ! cc
Greetings,

I'd already asked this question but am trying to clarify it so that
folks may be better able to understand.

Can anyone explain which mode LDAPDoGIDLookups runs in; does it do the
group-lookup only by search with the user's 'gidNumber' attribute? Or,
can it be configured to match group-ACLs against more-than-one LDAP
group? In other words, can it check all memberships a user has? (e.g. one
or more posixGroup entries that have the person's memberUid attribute)

So far, I have not been able to match group ids other than my own singleton
'gidNumber'.

Here are my relevant mod_ldap settings:

LDAPServer ldap01 ldap02
LDAPDoAuth on "ou=Users,dc=foo,dc=com" (|(uid=%v)(mail=%v)(cn=%v))
LDAPDoGIDLookups on "dc=foo,dc=com" (&(memberUid=%v)(objectclass=posixGroup))
LDAPAuthBinds on
LDAPDefaultUID 504
LDAPForceDefaultUID on
PersistentPasswd off
LDAPAttr uid cn

(I am re-mapping cn to the UID because I use numeric CNs and also the
same numeric ids in my proftpd ACLs)

I have tried several variations of LDAPDoGIDLookups but the following
ACL only allows me to pass if the group ID is the same as my
person-entry's gidNumber (26):

<Limit ALL>
  Deny all
  #AllowUser 18000
  # OK:
  AllowGroup 26
  # FAILS although the posixgroup by that CN has a
  # memberUid attribute of 18000 (me):
  #AllowGroup 5
</Limit>

Any advice on this would be much appreciated.

Thanks,
Ken