Re: schema for NSS LDAP with not all accounts active
On Fri, Mar 30, 2001 at 10:15:24AM +1000, Russell Coker wrote:
> On Friday 30 March 2001 08:55, Russell Coker wrote:
> > Good point. The problem is that the NSS interface doesn't allow for such
> > things so you would have to use pam_ldap for all authentication (no big
> > deal just a minor PITA to change all the /etc/pam.d files and keep them
> > maintained). Then what we need is an option for pam-ldap to specify which
> > filter should be used.
I think using pam_ldap in favor of the NSS interface isn't a big problem.
> The down-side to this is that you need a separate config file for each
> service that is to be independently controlled. However it shouldn't be too
> difficult to create these with M4 macros.
Well, at least that's a solution. However I don't like it too much, to
have a whole bunch of config files lying around. If I find the time
(imagine the if written in real big letters), I will try to implement this
in pam_ldap, where it belongs (IMHO).
Anyway, thanks for this solution, I will incorporate this in my existing
configuration as well.
Alexander Reelsen http://joker.rhwd.de
email@example.com GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
firstname.lastname@example.org 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO