On our FreeBSD 7.2/8.0 driven infrastructure we use OpenLDAP:

openldap-sasl-client-2.4.16    Open source LDAP client implementation with SASL2 support
openldap-sasl-server-2.4.16    Open source LDAP server implementation
pam_ldap-1.8.4_1               A pam module for authenticating with LDAP

From O'Reilly's OpenLDAP book and other sources I got the information that the tags

pam_groupdn
pam_member_attribute

can be used in conjunction with 'uid' to restrict access to a specific host to those which are member of the group specified by pam_groupdn, as long as the group object supports multi-value attributes like memberUid.

Well, this is not working with FreeBSD anyway!

Suppose I define in /usr/local/etc/ldap.conf

pam_groupdn cn=myGroup,ou=groups,dc=foo,dc=bar    (objectClass: posixGroup)
pam_member_attribute memberUid

And within this group there is my memberUid:

memberUid: ohartmann

Now I try to login to the specific box and get the warning:

You must be a memberUid of cn=myGroup,ou=groups,dc=foo,dc=bar to login.

... and I can login, no matter whether I'm in the group or not.

What is happening here? Why is the documentation telling me this should work and why isn't FreeBSD/PAM doing so?

I'm confused! Any help appreciated.

Oliver

Received on Fri Apr 24 2009 - 18:58:42 UTC
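An added diagnostic (example code written for this archive page, not from the post and not pam_ldap's own code) that reproduces the membership test the pam_groupdn / pam_member_attribute settings describe, run over constructed ldapsearch output for the group named in the post, so the LDAP side of the check can be confirmed independently of the PAM stack. The sample entry, its member values and the wrapped line are assumptions made up for the example.

```python
import base64

# Constructed sample of what a base-scope search for the group DN from the
# post returns, roughly:
#   ldapsearch -x -LLL -s base -b "cn=myGroup,ou=groups,dc=foo,dc=bar" memberUid
# The members, the folded line and the base64 value are made up to exercise
# the two LDIF details a grep-style eyeball check gets wrong.
SAMPLE_LDIF = """\
dn: cn=myGroup,ou=groups,dc=foo,dc=bar
objectClass: posixGroup
cn: myGroup
gidNumber: 10001
memberUid: alice
memberUid: ohart
 mann
memberUid:: Ym9i
"""


def parse_ldif_entry(ldif_text):
    """Parse one LDIF entry into {attribute: [values]}.

    Folded continuation lines (leading space) are joined back onto the
    previous line and base64 values ('attr:: ...') are decoded, so a
    memberUid that ldapsearch wrapped or encoded still compares correctly.
    """
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]          # unfold a wrapped line
        elif raw and not raw.startswith("#"):
            lines.append(raw)
    entry = {}
    for line in lines:
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.strip(), []).append(value.strip())
    return entry


def is_group_member(ldif_text, group_dn, member_attribute, uid):
    """Mirror the pam_groupdn test: the returned entry must be the configured
    group and uid must appear among the multi-valued member_attribute values.
    DN comparison is a case-insensitive string compare (a simplification)."""
    entry = parse_ldif_entry(ldif_text)
    if entry.get("dn", [""])[0].lower() != group_dn.lower():
        return False                      # wrong or missing group object
    return uid in entry.get(member_attribute, [])
```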