You'll need set ldap in /etc/nsswitch.conf for passwd shadow and group and set pam_ldap.so for auth password and session in system-auth. There are other thing you could include in your system-auth depends on the kind of setup you need for you environment, such as cracklib for stronger passwords, sync windows and linux passwords, and so on. Most of this could be done with few step using authconfig, but if you after manually change system-auth, never use authconfig again because you'll lost your customizations. On 10/10/07, Esquivel, Vicente <Esquivelv@xxxxxxx> wrote: > Is there anything that needs to be done to the system-auth pam module to > allow this to work correctly? > > > > -----Original Message----- > > From: redhat-list-bounces@xxxxxxxxxx > > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mups.cp > > Sent: Wednesday, October 10, 2007 2:40 PM > > To: General Red Hat Linux discussion list > > Subject: Re: ldap authorization > > > > First create a groupOfUniqueNames objectClass in your ldap > > and set uniqueMember with the full dn for those users that > > should be allowed access. > > In /etc/ldap.conf > > pam_groupdn cn=unixusers,ou=Groups,dc=domain,dc=com > > Where unixusers is the group with the groupOfUniqueNames > > objectClass you defined before. > > > > > > On 10/10/07, Esquivel, Vicente <Esquivelv@xxxxxxx> wrote: > > > I have much interest on how to get pam_groupdn to work > > because I have > > > been battling with it for a few days now with not hope in sight. > > > > > > Vince > > > > > > > -----Original Message----- > > > > From: redhat-list-bounces@xxxxxxxxxx > > > > [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mups.cp > > > > Sent: Wednesday, October 10, 2007 2:30 PM > > > > To: General Red Hat Linux discussion list > > > > Subject: Re: ldap authorization > > > > > > > > You coud use the pam_groupdn option. > > > > > > > > On 10/10/07, Troy Knabe <knabe@xxxxxxxxxxx> wrote: > > > > > I am using Kerberos for authentication and ldap for > > > > authorization. But I want to limit the ldap users who > > can login to > > > > the server to a specific group. > > > > > > > > > > > > > > > > > > > > Anyone have any perls of wisdom on what needs to be added > > > > to the ldap.conf??? > > > > > > > > > > > > > > > > > > > > Thanks > > > > > > > > > > -Troy > > > > > > > > > > > > > > > > > > > > -- > > > > > redhat-list mailing list > > > > > unsubscribe > > > > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > > > > > -- > > > > redhat-list mailing list > > > > unsubscribe > > > > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > > -- > > > redhat-list mailing list > > > unsubscribe > > mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > > > > -- > > redhat-list mailing list > > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > > https://www.redhat.com/mailman/listinfo/redhat-list > > > > -- > redhat-list mailing list > unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe > https://www.redhat.com/mailman/listinfo/redhat-list > -- redhat-list mailing list unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe https://www.redhat.com/mailman/listinfo/redhat-list
