Re: ldap authorization

Either one, I only want people from the group to be able to access the server.

Thanks
-Troy


----- Original Message -----
From: "mups.cp" <mups.cp@xxxxxxxxx>
Date: Wednesday, October 10, 2007 6:33 pm
Subject: Re: ldap authorization
To: General Red Hat Linux discussion list <redhat-list@xxxxxxxxxx>

> When you say connect you refer to local or remotely?
> 
> 
> On 10/10/07, Troy Knabe <knabe@xxxxxxxxxxx> wrote:
> > # Group to enforce membership of
> > pam_groupdn cn=troy_test,ou=Groups,dc=company,dc=com ## (Yes, I replaced this with my basedn)
> >
> > # Group member attribute
> > pam_member_attribute uniquemember
> >
> >
> > I am the only member of the group, and uniqueMember is the attribute.
> >
> > -Troy
> >
> > Esquivel, Vicente wrote:
> > > For me I only had to make sure that the correct pam_member_attribute was
> > > set inside the ldap.conf file.
> > >
> > > Vince
> > >
> > >> -----Original Message-----
> > >> From: redhat-list-bounces@xxxxxxxxxx
> > >> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of Troy Knabe
> > >> Sent: Wednesday, October 10, 2007 4:35 PM
> > >> To: General Red Hat Linux discussion list
> > >> Subject: RE: ldap authorization
> > >>
> > >> So I have done this and restarted nscd and even rebooted, but
> > >> still everyone with an account can access the server. What
> > >> am I missing?
> > >>
> > >> -Troy
> > >>
> > >>
> > >> -----Original Message-----
> > >> From: redhat-list-bounces@xxxxxxxxxx
> > >> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mups.cp
> > >> Sent: Wednesday, October 10, 2007 12:40 PM
> > >> To: General Red Hat Linux discussion list
> > >> Subject: Re: ldap authorization
> > >>
> > >> First create a groupOfUniqueNames objectClass in your ldap
> > >> and set uniqueMember with the full dn for those users that
> > >> should be allowed access.
> > >> In /etc/ldap.conf
> > >> pam_groupdn cn=unixusers,ou=Groups,dc=domain,dc=com
> > >> Where unixusers is the group with the groupOfUniqueNames
> > >> objectClass you defined before.
> > >>
> > >>
> > >> On 10/10/07, Esquivel, Vicente <Esquivelv@xxxxxxx> wrote:
> > >>> I have much interest on how to get pam_groupdn to work because I have
> > >>> been battling with it for a few days now with no hope in sight.
> > >>>
> > >>> Vince
> > >>>
> > >>>> -----Original Message-----
> > >>>> From: redhat-list-bounces@xxxxxxxxxx
> > >>>> [mailto:redhat-list-bounces@xxxxxxxxxx] On Behalf Of mups.cp
> > >>>> Sent: Wednesday, October 10, 2007 2:30 PM
> > >>>> To: General Red Hat Linux discussion list
> > >>>> Subject: Re: ldap authorization
> > >>>>
> > >>>> You could use the pam_groupdn option.
> > >>>>
> > >>>> On 10/10/07, Troy Knabe <knabe@xxxxxxxxxxx> wrote:
> > >>>>> I am using Kerberos for authentication and ldap for
> > >>>>> authorization.  But I want to limit the ldap users who can login to
> > >>>>> the server to a specific group.
> > >>>>>
> > >>>>>
> > >>>>> Anyone have any pearls of wisdom on what needs to be added
> > >>>>> to the ldap.conf???
> > >>>>>
> > >>>>>
> > >>>>> Thanks
> > >>>>>
> > >>>>> -Troy
> > >>>>>
> > >>>>>
> > >>>>>
> > >>>>> --
> > >>>>> redhat-list mailing list
> > >>>>> unsubscribe
> > >>>> mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
> > >>>>> https://www.redhat.com/mailman/listinfo/redhat-list
> > >>>>>
> 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Troy Knabe
Senior Systems Administrator
Computing and Information Services
4J School District
knabe@xxxxxxxxxxx
Ph: 541.687.3587
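
Added example, not part of the thread or of pam_ldap itself: pam_ldap evaluates `pam_groupdn` in its account-management step, so the restriction applies only when the PAM account stack actually calls `pam_ldap.so`. The check below audits an ldap.conf and a PAM stack for that; the sample inputs are constructed, the function names are hypothetical, and the PAM text passed in is assumed to be the effective stack for the service.

```python
import re

# Constructed samples (not from the thread's hosts): an /etc/ldap.conf with the
# options discussed, and a stack where only pam_unix runs in the account phase.
SAMPLE_LDAP_CONF = """\
# Group to enforce membership of
pam_groupdn cn=troy_test,ou=Groups,dc=company,dc=com
# Group member attribute
pam_member_attribute uniquemember
"""
SAMPLE_PAM_STACK = """\
auth        sufficient    pam_krb5.so
auth        required      pam_deny.so
account     required      pam_unix.so broken_shadow
"""

# Matches "account <control> <module>", where control may be "[a=b c=d]".
ACCOUNT_RE = re.compile(r"^\s*-?account\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_ldap_conf(text):
    """Return {option: value} for the non-comment lines of an ldap.conf."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            opts[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return opts

def account_modules(pam_text):
    """Return [(control, module)] for the account phase, in stack order."""
    return [m.groups() for m in map(ACCOUNT_RE.match, pam_text.splitlines()) if m]

def audit(ldap_conf_text, pam_text):
    """List reasons the pam_groupdn restriction may not be enforced."""
    findings = []
    opts = parse_ldap_conf(ldap_conf_text)
    for option in ("pam_groupdn", "pam_member_attribute"):
        if not opts.get(option):
            findings.append(f"{option} is not set in ldap.conf")
    stack = account_modules(pam_text)
    modules = [module.rsplit("/", 1)[-1] for _, module in stack]
    if "pam_ldap.so" not in modules:
        findings.append("account phase never calls pam_ldap.so")
    else:
        # A 'sufficient' success earlier in the stack ends the phase early.
        for control, module in stack[:modules.index("pam_ldap.so")]:
            if control == "sufficient":
                findings.append(f"{module} is 'sufficient' before pam_ldap.so")
    return findings
```

An empty list from `audit()` means the group check is reachable; any `sufficient` finding is a line to review, since it skips `pam_ldap.so` only for users that module accepts.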


