Date:      Wed, 27 May 2009 03:59:45 -0700 (PDT)
From:      nok_compx <nok_compx@hotmail.com>
To:        freebsd-questions@freebsd.org
Subject:   Re: pam_groupdn/pam_member_attribute does not with OpenLDAP/PAM and FreeBSD. Why?
Message-ID:  <23740220.post@talk.nabble.com>
In-Reply-To: <49F2281D.7030109@mail.zedat.fu-berlin.de>
References:  <49F2281D.7030109@mail.zedat.fu-berlin.de>


I found this problem too. I use CentOS 5.2 and openldap-2.3.43-3.el5.
How should I configure this? Please tell me. :-)


O. Hartmann-5 wrote:
> 
> On our FreeBSD 7.2/8.0 driven infrastructure we use OpenLDAP:
> 
> openldap-sasl-client-2.4.16 Open source LDAP client implementation with
> SASL2 support
> openldap-sasl-server-2.4.16 Open source LDAP server implementation
> pam_ldap-1.8.4_1    A pam module for authenticating with LDAP
> 
> From O'Reilly's OpenLDAP book and other sources I got the information
> that the tags
> 
> pam_groupdn
> pam_member_attribute
> 
> can be used in conjunction with 'uid' to restrict access to a specific
> host to those who are members of the group specified by pam_groupdn, as
> long as the group object supports
> multi-value attributes like memberUid.
> 
> Well, this is not working with FreeBSD anyway!
> 
> Suppose I define in /usr/local/etc/ldap.conf
> 
> pam_groupdn cn=myGroup,ou=groups,dc=foo,dc=bar (objectClass: posixGroup)
> pam_member_attribute memberUid
> 
> And within this group there is my memberUid:
> 
> memberUid: ohartmann
> 
> Now I try to login to the specific box and get the warning:
> 
> 
> You must be a memberUid of cn=myGroup,ou=groups,dc=foo,dc=bar to login.
> 
> ... and I can login, no matter whether I'm in the group or not.
> 
> What is happening here? Why is the documentation telling me this should
> work and why isn't FreeBSD/PAM doing so?
> 
> I'm confused!
> 
> Any help appreciated.
> 
> Oliver
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
> 
> 

-- 
View this message in context: http://www.nabble.com/pam_groupdn-pam_member_attribute-does-not-with-OpenLDAP-PAM-and-FreeBSD.-Why--tp23224829p23740220.html
Sent from the freebsd-questions mailing list archive at Nabble.com.
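Added example, not part of the thread and not code from pam_ldap or FreeBSD: before blaming the PAM stack it helps to reproduce, offline, the compare that the pam_groupdn / pam_member_attribute settings describe. The script below parses a small LDIF dump of group objects (the sample data is constructed for this example, built around the posixGroup from the post plus a groupOfNames) and emulates an LDAP compare of the member attribute. The point it makes concrete is that memberUid holds bare uids while member/uniqueMember hold DNs, so the value that ends up in the compare must match the attribute's value type or the check can never succeed, whatever the group contains. The DN normalisation is a deliberate approximation of LDAP DN matching, sufficient for the sample.

```python
"""Emulate the LDAP compare behind pam_groupdn / pam_member_attribute.

Added example for the thread above, not code from pam_ldap or FreeBSD.  It
parses a small LDIF dump of group objects (constructed sample below) and
answers: does <member_attr> on <group_dn> hold the value a membership check
would compare against?
"""
import re

# Constructed sample directory data (not from the thread): the posixGroup
# described in the post plus a groupOfNames whose member values are DNs.
SAMPLE_LDIF = """\
dn: cn=myGroup,ou=groups,dc=foo,dc=bar
objectClass: posixGroup
cn: myGroup
gidNumber: 10001
memberUid: ohartmann
memberUid: alice

dn: cn=admins,ou=groups,dc=foo,dc=bar
objectClass: groupOfNames
cn: admins
member: uid=alice,ou=people,dc=foo,dc=bar
member: uid=bob, ou=People, dc=foo, dc=bar
"""

# Attributes whose values are DNs (compared with DN matching rules); anything
# else, notably memberUid, is compared as a plain string.
DN_VALUED = {"member", "uniquemember", "owner", "roleoccupant"}


def normalize_dn(dn):
    """Approximate DN matching: case-insensitive, ignore spaces around the
    unescaped commas that separate RDNs."""
    rdns = re.split(r"(?<!\\),", dn)
    return ",".join(r.strip().lower() for r in rdns)


def parse_ldif(text):
    """Parse plain LDIF (no base64 values; folded lines are unfolded) into
    {normalized_dn: {attr_lower: [values]}}."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]          # RFC 2849 line folding
        else:
            unfolded.append(raw)
    entries, current = {}, None
    for line in unfolded:
        if not line.strip():
            current = None                  # blank line ends the entry
            continue
        if line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = normalize_dn(value)
            entries[current] = {}
        elif current is not None:
            entries[current].setdefault(attr, []).append(value)
    return entries


def ldap_compare(entries, dn, attr, value):
    """Emulate an LDAP compare operation: True (compareTrue), False
    (compareFalse) or None (no such object / no such attribute)."""
    entry = entries.get(normalize_dn(dn))
    if entry is None or attr.lower() not in entry:
        return None
    stored = entry[attr.lower()]
    if attr.lower() in DN_VALUED:
        return normalize_dn(value) in {normalize_dn(v) for v in stored}
    return value in stored


def group_check(entries, group_dn, member_attr, uid, user_dn):
    """The check the ldap.conf settings describe: pick the value that fits the
    attribute's type (the uid for memberUid, the user's DN for DN-valued
    attributes) and compare it.  Returns (allowed, detail)."""
    value = user_dn if member_attr.lower() in DN_VALUED else uid
    result = ldap_compare(entries, group_dn, member_attr, value)
    if result is None:
        return False, f"{group_dn} has no {member_attr} attribute (or does not exist)"
    if not result:
        return False, f"{member_attr} on {group_dn} does not contain {value!r}"
    return True, "member"


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    group = "cn=myGroup,ou=groups,dc=foo,dc=bar"
    user_dn = "uid=ohartmann,ou=people,dc=foo,dc=bar"
    print(group_check(entries, group, "memberUid", "ohartmann", user_dn))
    # Pitfall: comparing a DN against a uid-valued memberUid never matches.
    print(ldap_compare(entries, group, "memberUid", user_dn))
```

Against a live directory the equivalent of `ldap_compare` is the OpenLDAP client tool, e.g. `ldapcompare -x -D <binddn> -W "cn=myGroup,ou=groups,dc=foo,dc=bar" "memberUid:ohartmann"` (which prints TRUE or FALSE); running it once with the uid and once with the user's full DN as the value tells you which of the two the group object can actually satisfy.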

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?23740220.post>