03-04-2009, 07:11 AM
Martin

pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)

Hello,

I'd like to use the rfc2307bis schema on our OpenLDAP server (I know
it's deleted by IETF). However, I can't quite figure out how I could
convince either pam_ldap and/or nss_ldap to accept the group
memberships. All the groups are found, the users are found, but I
couldn't figure out what I need to tell /etc/pam_ldap.conf to accept
the memberships as set in the ldif entries below.

As mentioned in the subject, I'd like to use the member attribute
instead of the memberUid so that I don't have to keep track of members
twice.

Using these packages for the ldap stuff:
libnss-ldapd - NSS module for using LDAP as a naming service
libpam-ldap - Pluggable Authentication Module for LDAP

NSCD is not used right now, so that I don't have to deal with caching issues.
All of the above happens on current stable (Lenny)
# cat /etc/debian_version
5.0

Any help?
Martin


# getent group |grep 500
users:*:5000:john.doe
testers:*:5001:
# getent passwd|grep doe
john.doe:x:1000:5000:,,,:/home/exuser:/bin/bash
# id john.doe
uid=1000(john.doe) gid=5000(users) groups=5000(users)

ldif entries:
dn: cn=users,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
cn: users
gidNumber: 5000
member: cn=Dummy
member: uid=john.doe,ou=People,dc=example,dc=com

dn: cn=testers,ou=Group,dc=example,dc=com
objectClass: groupOfNames
objectClass: posixGroup
objectClass: top
cn: testers
gidNumber: 5001
member: cn=Dummy
member: uid=john.doe,ou=People,dc=example,dc=com




--
http://soup.alt.delete.co.at
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher

You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

