
Re: Kerberos+LDAP and pam_filter

On Sunday, 7 October, Roberto C. Sánchez typed the following:

> > What exactly have you put into /etc/libnss-ldap.conf?
> > I'm using some filters at work which work as expected.
> miami:~# grep -v '^#\|^ \|^$' /etc/libnss-ldap.conf
> base dc=connexer,dc=com
> uri ldaps://santiago.connexer.com/
> ldap_version 3
> pam_filter |(host=miami)(host=\*)
> pam_password exop

I could not find anything about pam_* in 'man libnss-ldap.conf'.
Are there options from the configuration of 'libpam-ldap'?

I would try this:

uri ldaps://santiago.connexer.com/
base dc=connexer,dc=com
ldap_version 3
nss_base_passwd dc=connexer,dc=com?sub?|(host=miami)(host=\*)

If you have a flat sub-tree with all people, you should IMO use

  nss_base_passwd <subtree>,dc=connexer,dc=com?one?|(host=miami)(host=\*)

to speed up the lookups

> > > same line in /etc/pam_ldap.conf, but I have removed all the pam_ldap
> > > entries from /etc/pam.d/*.
> > > Does anyone know how I might be able to restore that behavior?

> > Try something like this:
> > nss_base_passwd ou=People,<My BASE DN>?one?domain=foo
> Does that also go in libnss-ldap.conf?  I ask, because in other HOWTOs I
> have read, I have seen those lines listed in ldap.conf.  Which, I admit,
> is one of the things that confused me.

This *is* from libnss-ldap.conf

	Follow the white penguin.
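
Added example (not part of the original post and not libnss-ldap code): a small Python evaluator for a subset of LDAP filters, run over constructed entries, showing which accounts the host filter suggested above leaves visible and what changes when the asterisk is not escaped. It assumes the library ANDs the configured filter with its own posixAccount filter and that `\*` means a literal asterisk value; the entries and function names are invented for illustration.

```python
import re

# Constructed sample directory entries (not from the thread).
ENTRIES = {
    "alice": {"objectClass": ["posixAccount"], "host": ["miami"]},
    "bob":   {"objectClass": ["posixAccount"], "host": ["*"]},
    "carol": {"objectClass": ["posixAccount"], "host": ["santiago"]},
    "dave":  {"objectClass": ["posixAccount"]},  # no host attribute
}

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    if f[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    i += 1
    if f[i] in "&|!":                      # composite: &, | or !
        op, kids = f[i], []
        i += 1
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1           # skip the closing ')'
    end = f.index(")", i)                  # simple item: attr=value
    attr, value = f[i:end].split("=", 1)
    return ("=", attr, value), end + 1

def matches(node, entry):
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    if node[0] == "!":
        return not matches(node[1][0], entry)
    _, attr, value = node
    values = entry.get(attr, [])
    if value == "*":                       # bare '*' is a presence test
        return bool(values)
    # Assumption: \* (or \2a) stands for a literal asterisk value.
    literal = re.sub(r"(?i)\\(\*|2a)", "*", value)
    return any(v.lower() == literal.lower() for v in values)

def visible_users(configured, entries=ENTRIES):
    """Accounts a lookup would return for the configured filter part."""
    # Assumption: the configured filter is ANDed with the posixAccount filter.
    effective = "(&(objectClass=posixAccount)(%s))" % configured
    tree, _ = parse(effective)
    return sorted(u for u, e in entries.items() if matches(tree, e))
```

With the escaped form only accounts tagged `miami` or a literal `*` are returned; with a bare `host=*` every account that has any host value is returned, so the restriction stops limiting accounts to this machine.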
