From: nok_compx
To: freebsd-questions@freebsd.org
Date: Wed, 27 May 2009 03:59:45 -0700 (PDT)
Subject: Re: pam_groupdn/pam_member_attribute does not with OpenLDAP/PAM and FreeBSD. Why?

I found this problem too. I use CentOS 5.2 and openldap-2.3.43-3.el5. How can I configure this issue, please tell me? :-)

O. Hartmann-5 wrote:
>
> On our FreeBSD 7.2/8.0 driven infrastructure we use OpenLDAP:
>
> openldap-sasl-client-2.4.16 Open source LDAP client implementation with SASL2 support
> openldap-sasl-server-2.4.16 Open source LDAP server implementation
> pam_ldap-1.8.4_1 A pam module for authenticating with LDAP
>
> From O'Reilly's OpenLDAP book and other sources I got the information
> that the tags
>
> pam_groupdn
> pam_member_attribute
>
> can be used in conjunction with 'uid' to restrict access to a specific
> host to those which are members of the group specified by pam_groupdn, as
> long as the group object supports multi-value attributes like memberUid.
>
> Well, this is not working with FreeBSD anyway!
>
> Suppose I define in /usr/local/etc/ldap.conf
>
> pam_groupdn cn=myGroup,ou=groups,dc=foo,dc=bar (objectClass: posixGroup)
> pam_member_attribute memberUid
>
> And within this group there is my memberUid:
>
> memberUid: ohartmann
>
> Now I try to login to the specific box and get the warning:
>
> You must be a memberUid of cn=myGroup,ou=groups,dc=foo,dc=bar to login.
>
> ... and I can login, no matter whether I'm in the group or not.
>
> What is happening here? Why is the documentation telling me this should
> work and why isn't FreeBSD/PAM doing so?
>
> I'm confused!
>
> Any help appreciated.
>
> Oliver
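
A check for the symptom described in this thread (the denial message is shown, yet the login goes through), as an added example that is not part of either post. It assumes pam_ldap reports the pam_groupdn denial from the PAM account facility, so the control flag on that line decides whether the denial is binding; the function name and the two sample service files are constructed for illustration.

```python
import os
import re

# Control flags whose failure fails the whole facility (Linux-PAM and OpenPAM).
ENFORCING = {"required", "requisite", "binding"}
# Control flags whose failure is dropped when a later module succeeds.
IGNORED = {"sufficient", "optional"}

# facility, control (plain word or Linux-PAM "[...]" form), module path
LINE = re.compile(r"^\s*(\S+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def audit_account_stack(pam_text, module="pam_ldap"):
    """Return [(control, verdict)] for each account line that loads `module`.

    An empty list means the module is absent from the account facility,
    so (under the assumption above) the group check is never consulted.
    """
    findings = []
    for raw in pam_text.splitlines():
        m = LINE.match(raw.split("#", 1)[0])       # drop comments
        if not m or m.group(1).lstrip("-").lower() != "account":
            continue
        control, path = m.group(2).lower(), m.group(3)
        if not os.path.basename(path).startswith(module):
            continue
        if control in ENFORCING:
            verdict = "enforced"    # a group denial blocks the login
        elif control in IGNORED:
            verdict = "ignored"     # denial is shown, login can still succeed
        else:
            verdict = "review"      # bracketed or include-style control
        findings.append((control, verdict))
    return findings

# Constructed sample: pam.d-style service file reproducing the symptom.
WEAK = """\
auth     sufficient  /usr/local/lib/pam_ldap.so  no_warn try_first_pass
auth     required    pam_unix.so                 no_warn try_first_pass
account  sufficient  /usr/local/lib/pam_ldap.so
account  required    pam_unix.so
"""

# Constructed sample: the same file with the account check made binding.
STRICT = WEAK.replace("account  sufficient", "account  required  ")

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("strict", STRICT)):
        print(name, audit_account_stack(text))
```

Run it against the service file that actually handles the login (for example the one for sshd) rather than the samples; an "ignored" or empty result means a failed group check cannot stop the session.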