Re: check group membership locally and in also in ldap

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Note :

To clarify what I try to do :

I try to create an ldap "sysgroup" posixgroup entry whose usual
(and unusual) "sysaccounts" would be member of to be able
grant to the members of that "sysgroup" specific rights ( declared
in security/access.conf).

I'm also open to suggestions :-)


2012/3/13 bloguillard <blog@xxxxxxxxxxxxxxx>:
> Hello,
> I have configure a redhat box to authenticate users over an
> openldap server. "Systems" account ( uid > 500 ) are not
> created in ldap but are authentified over local password db.
> system-auth :
> ...
> auth        required
> auth        sufficient nullok try_first_pass
> auth        requisite uid >= 500 quiet
> auth        sufficient use_first_pass
> auth        required
> ...
> My ldap directory also contains posixgroups.
> I noticed that if I configure locally a system account to use
> an ldap GID, then the user is properly registered as a member
> of this group as well as any other groups it would be member
> of locally ( declared in /etc/group ).
> But if I declare in local /etc/passwd a local group as being the
> primary group for that user, then the user is not registered as being
> member of any ldap group it would be "subscribed" to.
> QUESTION : is there anyway to configure pam to say that the
> user group list includes ldap groups the user is member of
> as well as local groups, even if the primary group of that user
> is local ?
> Thanks
> ---
> Olivier

Pam-list mailing list

[Index of Archives]     [Fedora Users]     [Kernel]     [Red Hat Install]     [Linux for the blind]     [Gimp]

  Powered by Linux