Re: Kerberos+LDAP and pam_filter
On Sunday, 7 October, Roberto C. Sánchez typed the following:
> > What exactly have you put into /etc/libnss-ldap.conf?
> > I'm using some filters at work which work as expected.
>
> miami:~# grep -v '^#\|^ \|^$' /etc/libnss-ldap.conf
> base dc=connexer,dc=com
> uri ldaps://santiago.connexer.com/
> ldap_version 3
> pam_filter |(host=miami)(host=\*)
> pam_password exop
I could not find anything about pam_* in 'man libnss-ldap.conf'.
Are there options from the configuration of 'libpam-ldap'?
I would try this:
uri ldaps://santiago.connexer.com/
base dc=connexer,dc=com
ldap_version 3
nss_base_passwd dc=connexer,dc=com?sub?|(host=miami)(host=\*)
If you have a flat sub-tree with all people, you should IMO use
nss_base_passwd <subtree>,dc=connexer,dc=com?one?|(host=miami)(host=\*)
to speed up the lookups
> > > same line in /etc/pam_ldap.conf, but I have removed all the pam_ldap
> > > entries from /etc/pam.d/*.
> > > Does anyone know how I might be able to restore that behavior?
> > Try something like this:
> > nss_base_passwd ou=People,<My BASE DN>?one?domain=foo
> Does that also go in libnss-ldap.conf? I ask, because in other HOWTOs I
> have read, I have seen those lines listed in ldap.conf. Which, I admit,
> is one of the things that confused me.
This *is* from libnss-ldap.conf
Ciao
Max
--
Follow the white penguin.
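
Added example, not part of Max's message or of either package: a small Python model of how the posted filter `|(host=miami)(host=\*)` selects accounts once it is ANDed with the login assertion, and how the result changes if the backslash is dropped. The directory entries are constructed, and two things are assumptions: the composed string form `(&(<filter>)(uid=<login>))`, and `\*` being read as a literal asterisk rather than a presence test.

```python
import re

# Constructed directory entries (not from the thread): uid plus optional host values.
ENTRIES = [
    {"uid": ["alice"], "host": ["miami"]},
    {"uid": ["bob"], "host": ["*"]},        # literal asterisk = "any host" convention
    {"uid": ["carol"], "host": ["santiago"]},
    {"uid": ["dave"]},                      # no host attribute at all
]

def compose(pam_filter, login, login_attr="uid"):
    """AND the configured filter with the login assertion (string form assumed)."""
    safe = re.sub(r"([\\*()])", r"\\\1", login)  # escape filter metacharacters
    return f"(&({pam_filter})({login_attr}={safe}))"

def parse(f, i=0):
    """Parse one parenthesised filter at f[i]; return (node, next index)."""
    assert f[i] == "("
    i += 1
    if f[i] in "&|":
        op, i, kids = f[i], i + 1, []
        while f[i] == "(":
            kid, i = parse(f, i)
            kids.append(kid)
        return (op, kids), i + 1            # skip the closing ")"
    j = i
    while f[j] != ")":                      # find the end, stepping over escapes
        j += 2 if f[j] == "\\" else 1
    attr, _, raw = f[i:j].partition("=")
    if raw == "*":                          # unescaped asterisk: presence test
        return ("present", attr), j + 1
    return ("=", attr, re.sub(r"\\(.)", r"\1", raw)), j + 1

def matches(node, entry):
    """Evaluate a parsed filter against one entry (case-insensitive equality)."""
    if node[0] == "&":
        return all(matches(k, entry) for k in node[1])
    if node[0] == "|":
        return any(matches(k, entry) for k in node[1])
    values = [v.lower() for v in entry.get(node[1], [])]
    return bool(values) if node[0] == "present" else node[2].lower() in values

def allowed(pam_filter, login):
    """True if some entry satisfies the composed filter for this login."""
    tree, _ = parse(compose(pam_filter, login))
    return any(matches(tree, e) for e in ENTRIES)

PAGE_FILTER = r"|(host=miami)(host=\*)"     # as posted in the thread
LOOSE_FILTER = "|(host=miami)(host=*)"      # same line without the backslash
```

With the posted filter only alice and bob pass on miami; without the backslash carol passes as well, because any entry that has a host attribute then matches.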