check group membership locally and in also in ldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hello,

I have configure a redhat box to authenticate users over an
openldap server. "Systems" account ( uid > 500 ) are not
created in ldap but are authentified over local password db.

system-auth :
...
auth        required      pam_env.so
auth        sufficient    pam_unix.so nullok try_first_pass
auth        requisite     pam_succeed_if.so uid >= 500 quiet
auth        sufficient    pam_sss.so use_first_pass
auth        required      pam_deny.so
...

My ldap directory also contains posixgroups.

I noticed that if I configure locally a system account to use
an ldap GID, then the user is properly registered as a member
of this group as well as any other groups it would be member
of locally ( declared in /etc/group ).

But if I declare in local /etc/passwd a local group as being the
primary group for that user, then the user is not registered as being
member of any ldap group it would be "subscribed" to.

QUESTION : is there anyway to configure pam to say that the
user group list includes ldap groups the user is member of
as well as local groups, even if the primary group of that user
is local ?

Thanks

---
Olivier

_______________________________________________
Pam-list mailing list
Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list


[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux