Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)

To: debian-user@lists.debian.org
Subject: Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
From: Martin <martin@marcher.name>
Date: Wed, 11 Mar 2009 21:03:17 +0100
Message-id: <[🔎] 5fa6c12e0903111303o190590eby67b5cbfcd3ba8d55@mail.gmail.com>
Reply-to: martin@marcher.name
In-reply-to: <[🔎] 20090304091434.GH17283@nemesis.ceu.ox.ac.uk>
References: <[🔎] 5fa6c12e0903040011r795589eeufe0bf892b5ed0a0f@mail.gmail.com> <[🔎] 20090304091434.GH17283@nemesis.ceu.ox.ac.uk>

Hi,

2009/3/4 Dave Ewart <davee@ceu.ox.ac.uk>:
> You don't explicitly mention this, so I'll just drop this in here:
> typically, you need to set both pam_groupdn and pam_member_attribute in
> /etc/pam_ldap.conf

i have set that:

# egrep -v '^$|^#' /etc/pam_ldap.conf
base dc=marcher,dc=name
uri ldap://localhost
ldap_version 3
pam_groupdn cn=testers,ou=Group,dc=marcher,dc=name
pam_member_attribute member
pam_password exop
nss_schema rfc2307bis
nss_map_attribute       member  memberUid

also these are the infos I'm getting from pam_ldap right now. I start
to think I'm in the wrong place with my config (pam_ldap is the right
place not nss-ldap.conf right?).


anyone with ideas?

# getent group|grep 500
users:*:5000:john.doe
testers:*:5001:

# getent passwd|grep john
john.doe:x:1000:5000:,,,:/home/exuser:/bin/bash

# ldapsearch -LLL -x '(gidnumber=*)'
dn: uid=john.doe,ou=People,dc=marcher,dc=name
uid: john.doe
cn: Example User
objectClass: account
objectClass: posixAccount
objectClass: hostObject
objectClass: authorizedServiceObject
objectClass: top
objectClass: shadowAccount
loginShell: /bin/bash
uidNumber: 1000
homeDirectory: /home/exuser
gecos: ,,,
host: *
authorizedService: *
gidNumber: 5000

dn: cn=users,ou=Group,dc=marcher,dc=name
gidNumber: 5000
objectClass: groupOfNames
objectClass: top
objectClass: posixGroup
member: cn=Dummy
member: uid=john.doe,ou=People,dc=marcher,dc=name
cn: users
memberUid: john.doe

dn: cn=testers,ou=Group,dc=marcher,dc=name
objectClass: groupOfNames
objectClass: top
objectClass: posixGroup
cn: testers
member: cn=Dummy
member: uid=john.doe,ou=People,dc=marcher,dc=name
gidNumber: 5001


-- 
http://soup.alt.delete.co.at
http://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher

You are not free to read this message,
by doing so, you have violated my licence
and are required to urinate publicly. Thank you.

Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html

Reply to:

Follow-Ups:
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>

References:
- pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Martin <martin@marcher.name>
- Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
  - From: Dave Ewart <davee@ceu.ox.ac.uk>

Prev by Date: Re: Top posting vs Bottom posting
Next by Date: Re: Top posting vs Bottom posting
Previous by thread: Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
Next by thread: Re: pam_ldap, nss_ldap and rfc2307bis (using member instead of memberUid)
Index(es):
- Date
- Thread