check group membership locally and also in ldap




I have configured a redhat box to authenticate users over an
openldap server. "System" accounts ( uid > 500 ) are not
created in ldap but are authenticated over local password db.

system-auth :
auth        required
auth        sufficient nullok try_first_pass
auth        requisite uid >= 500 quiet
auth        sufficient use_first_pass
auth        required

My ldap directory also contains posixgroups.

I noticed that if I configure locally a system account to use
an ldap GID, then the user is properly registered as a member
of this group as well as any other groups it would be a member
of locally ( declared in /etc/group ).

But if I declare in local /etc/passwd a local group as being the
primary group for that user, then the user is not registered as being
a member of any ldap group it would be "subscribed" to.

QUESTION : is there any way to configure pam to say that the
user group list includes ldap groups the user is a member of
as well as local groups, even if the primary group of that user
is local ?


