Hello.

I ran into a specific problem and, after several months of experiments, I haven't found a solution yet.

This is what I wish to get and need: a simple capability of selecting users into a specific group. Members of such a group should then be able to log into a set of specific hosts.

Infrastructure is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE boxes (acting as servers) as well as an OpenLDAP backend. Authentication on the boxes is done via PAM/ldap_pam, but on FreeBSD's side it is a vanilla configuration, not very sophisticated. Users authenticate and authorize against an OpenLDAP server residing on another box.

pam_ldap in its most recent ports version offers, as the manpage claims, a facility enabling group logins (resides in /usr/local/etc/ldap.conf):

    # Group to enforce membership of
    pam_groupdn cn=mygroup,ou=groups,dc=foo,dc=org?sub
    # Group member attribute
    #pam_member_attribute uniqueMember
    pam_member_attribute memberUid

Within the DIT of the OpenLDAP server, ou=groups exists and also contains a group called 'mygroup' with a multi-value attribute (as required), in this case memberUid.

Using pam_ldap.so as a 'required' module is not appreciated, so there seems to me to be a problem with the stack order - should say: I need an LDAP solution. pam_group doesn't work for me:

    auth required/requisite pam_group.so no_warn group=mygroup

Can anybody help or have hints?

Please remember I do not belong to the 'questions' list, so please put me into your mail-cc.

Regards,
Oliver

Received on Mon Apr 27 2009 - 05:49:30 UTC