Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)

Wed, 11 Mar 2009 13:04:54 -0700 

Hi,

2009/3/4 Dave Ewart <da...@ceu.ox.ac.uk>:
> You don't explicitly mention this, so I'll just drop this in here:
> typically, you need to set both pam_groupdn and pam_member_attribute in
> /etc/pam_ldap.conf

i have set that:

# egrep -v '^$|^#' /etc/pam_ldap.conf
base dc=marcher,dc=name
uri ldap://localhost
ldap_version 3
pam_groupdn cn=testers,ou=Group,dc=marcher,dc=name
pam_member_attribute member
pam_password exop
nss_schema rfc2307bis
nss_map_attribute       member  memberUid

also these are the infos I'm getting from pam_ldap right now. I start
to think I'm in the wrong place with my config (pam_ldap is the right
place not nss-ldap.conf right?).


anyone with ideas?

# getent group|grep 500
users:*:5000:john.doe
testers:*:5001:

# getent passwd|grep john
john.doe:x:1000:5000:,,,:/home/exuser:/bin/bash

# ldapsearch -LLL -x '(gidnumber=*)'
dn: uid=john.doe,ou=People,dc=marcher,dc=name
uid: john.doe
cn: Example User
objectClass: account
objectClass: posixAccount
objectClass: hostObject
objectClass: authorizedServiceObject
objectClass: top
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 1000
homeDirectory: /home/exuser
gecos: ,,,
host: *
authorizedService: *
gidNumber: 5000

dn: cn=users,ou=Group,dc=marcher,dc=name
gidNumber: 5000
objectClass: groupOfNames
objectClass: top
objectClass: posixGroup
member: cn=Dummy
member: uid=john.doe,ou=People,dc=marcher,dc=name
cn: users
memberUid: john.doe

dn: cn=testers,ou=Group,dc=marcher,dc=name
objectClass: groupOfNames
objectClass: top
objectClass: posixGroup
cn: testers
member: cn=Dummy
member: uid=john.doe,ou=People,dc=marcher,dc=name
gidNumber: 5001


-- 
http://soup.alt.delete.co.at
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher

You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to