On Sun, Oct 07, 2007 at 02:26:50AM +0200, Maximilian Wilhelm wrote:
> On Saturday, 6 October, Roberto C. Sánchez hammered the following into the keys:
>
> Hi!
>
> > Today I just finished switching one of my sites from LDAP-only to
> > Kerberos+LDAP.
> >
> > One thing that I liked about LDAP and pam_ldap was that I could use
> > something like "pam_filter |(host=somehost)(host=\*)" on each host,
> > along with "host=somehost" or "host=*" in each user's LDAP entry. This
> > allowed me to restrict who could log in to each host.
> >
> > Now that I have switched to using pam_krb53 and am only using LDAP for
> > the location of the home directories and the uid/gid, it doesn't appear
> > that the pam_filter line in libnss-ldap.conf is working. I also had the
>
> What exactly have you put into /etc/libnss-ldap.conf?
> I'm using some filters at work which work as expected.
>

miami:~# grep -v '^#\|^ \|^$' /etc/libnss-ldap.conf
base dc=connexer,dc=com
uri ldaps://santiago.connexer.com/
ldap_version 3
pam_filter |(host=miami)(host=\*)
pam_password exop

> > same line in /etc/pam_ldap.conf, but I have removed all the pam_ldap
> > entries from /etc/pam.d/*.
> >
> > Does anyone know how I might be able to restore that behavior?
>
> Try something like this:
>
>  nss_base_passwd ou=People,<My BASEE DN>?one?domain=foo
>

Does that also go in libnss-ldap.conf? I ask, because in other HOWTOs I
have read, I have seen those lines listed in ldap.conf. Which, I admit,
is one of the things that confused me.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com
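The situation described in the message above, as an added example that is not part of the original thread: a small audit that reads an ldap.conf-style file and a PAM stack and reports whether any LDAP-side login restriction is actually in effect. It assumes that pam_filter is evaluated only by pam_ldap and that an nss_base_passwd filter is evaluated only by nss_ldap; the sample inputs, function names and finding codes are constructed for illustration.

```python
import re

# Constructed sample inputs modelled on the files named in the thread.
SAMPLE_CONF = """\
base dc=connexer,dc=com
uri ldaps://santiago.connexer.com/
pam_filter |(host=miami)(host=\\*)
"""
SAMPLE_PAM = """\
auth     required  pam_krb5.so
account  required  pam_unix.so
"""

def parse_directives(text):
    """Map each keyword of an ldap.conf-style file to its list of values."""
    found = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            value = parts[1].strip() if len(parts) > 1 else ""
            found.setdefault(parts[0].lower(), []).append(value)
    return found

def pam_modules(text):
    """Collect module names (without .so) from pam.d-style lines."""
    mods = set()
    for raw in text.splitlines():
        mods.update(re.findall(r"\b(pam_\w+)\.so\b", raw.split("#", 1)[0]))
    return mods

def audit(conf_text, pam_text):
    """Return (code, detail) findings about host-based login restriction."""
    conf, mods = parse_directives(conf_text), pam_modules(pam_text)
    findings = []
    pam_filter_live = "pam_filter" in conf and "pam_ldap" in mods
    if "pam_filter" in conf and not pam_filter_live:
        # Assumption: only pam_ldap evaluates pam_filter.
        findings.append(("pam_filter-not-enforced", conf["pam_filter"][0]))
    # nss_base_passwd takes base?scope?filter; a filter hides non-matching users.
    nss_filters = [v.split("?", 2)[2] for v in conf.get("nss_base_passwd", [])
                   if v.count("?") >= 2 and v.split("?", 2)[2]]
    findings += [("nss-filter-present", f) for f in nss_filters]
    if not pam_filter_live and not nss_filters:
        findings.append(("no-host-restriction", "no LDAP-side filter is in effect"))
    return findings

if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONF, SAMPLE_PAM):
        print(f"{code}: {detail}")
```
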