FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 03-04-2009, 08:14 AM
Dave Ewart
 
Default pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)

On Wednesday, 04.03.2009 at 09:11 +0100, Martin wrote:

> I'd like to use the rfc2307bis schema on our openldap server (I know
> it's deleted by IETF). However I can't quite figure out how I could
> convince either pam_ldap and/or nss_ldap to accept the group
> memberships. All the groups a are found, the users are found but I
> couldn't figure out what I need to tell /etc/pam_ldap.conf to accept
> the memberships as set in the ldif entries below.

You don't explicitly mention this, so I'll just drop this in here:
typically, you need to set both pam_groupdn and pam_member_attribute in
/etc/pam_ldap.conf

Dave.

--
Dave Ewart
davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
University of Oxford / Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7516, W 1.2152
 
Old 03-12-2009, 09:48 AM
Dave Ewart
 
Default pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)

On Wednesday, 11.03.2009 at 22:01 +0100, Martin wrote:

> OK I Managed to get at least group memberships (somehow working):
>
> # getent group testers users; id john.doe
> testers:*:5001:cn=Dummy,uid=john.doe,ou=People,dc= marcher,dc=name
> users:*:5000:cn=Dummy,uid=john.doe,ou=People,dc=ma rcher,dc=name
> uid=1000(john.doe) gid=5000(users) groups=5000(users)
>
> now, why doesn't it work so that I just have john.doe as a member but
> instead the full DN of the ldap object?

Your 'cn=testers' entry includes the full DN, so that's what gets
returned.

Depending on what you're trying to do, you could probably do some
ldapsearch/sed pipeline to just return what you need.

Dave.

--
Dave Ewart
davee@ceu.ox.ac.uk
Computing Manager, Cancer Epidemiology Unit
University of Oxford / Cancer Research UK
PGP: CC70 1883 BD92 E665 B840 118B 6E94 2CFD 694D E370
Get key from http://www.ceu.ox.ac.uk/~davee/davee-ceu-ox-ac-uk.asc
N 51.7516, W 1.2152
 

Thread Tools




All times are GMT. The time now is 08:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org