Hello.
I run into a specific problem and for several months of experiments I
havn't found a solution, yet.
This is what I wish to get and need:
A simple capability of selecting users into a specific group. Members of
such a group should then log into a set of specific hosts.
Infrastructure is FreeBSD 8.0-CURRENT/amd64 and some 7.2-STABLE boxes
(acting as server) as well as OpenLDAP backend.
Authentication on boxes is done via PAM/ldap_pam. But it is on FreeBSD's
side a vanilla configuration, not very sophisticated. Users autheticate
and authorize against an OpenLDAP server residing on another box.
pam_ldap in its most recent ports-version offers, as the manpage claims,
a facility enabling group logins (resides in /usr/local/etc/ldap.conf):
# Group to enforce membership of
pam_groupdn cn=mygroup,ou=groups,dc=foo,dc=org?sub
# Group member attribute
#pam_member_attribute uniqueMember
pam_member_attribute memberUid
Within the DIT of the OpenLDAP server ou=groups exists and contains also
a group called 'mygroup' with a multi-value attribute (as required), in
this case memberUid.
Using pam_ldap.so as a 'required' module is not appreciated, so there
seems a problem to me with the stack order - should say: I need a LDAP
solution. pam_group doesn't work for me:
auth required/requisite pam_group.so no_warn group=mygroup
Can anybody help or do have hints?
Please remember I do not belon g to the 'questions' list, so please put
me into your mail-cc.
Regards,
Oliver
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
