
getting group info from openldap



I've been told this might be a pam_ldap issue. Please let me know what files/output I'd need to include (if anything is lacking).

We use OpenLDAP 2.3 on Red Hat Enterprise Linux ES release 4 (Nahant Update 3).

The user's primary group is stored in the gid attribute in their entry, but additional group memberships are configured by adding a memberUID with the user's username to the posixGroup entry for the group.

When the user logs in they authenticate against OpenLDAP correctly, but the only group information that seems to follow them to the server is the gid listed in their user entry. Our client servers run RH ES 3 or 4.

I've been fighting this for quite a while now, and I've been reading this list and the archives as well as online docs.

/etc/pam.d/login
#%PAM-1.0
auth       required     pam_securetty.so
auth       required     pam_stack.so service=system-auth
auth       required     pam_nologin.so
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth
session    required     pam_stack.so service=system-auth
session    optional     pam_console.so

/etc/pam.d/passwd
#%PAM-1.0
auth       required     pam_stack.so service=system-auth
account    required     pam_stack.so service=system-auth
password   required     pam_stack.so service=system-auth

Our clients' ldap.conf

host 172.30.3.X
# The distinguished name of the search base.
base ou=People,dc=ourname,dc=com
sudoers_base ou=People,dc=ourname,dc=com
uri ldap://172.30.3.X/
binddn cn=Manager,dc=ourname,dc=com
bindpw ourtopsecretpassword
# Group to enforce membership of
#pam_groupdn cn=PAM,ou=Groups,dc=example,dc=com
# Group member attribute
#pam_member_attribute uniquemember
pam_password md5
ssl no

#end ldap.conf

Thank you,
-John B

--
John D. Beck, CCNA, RSA CSA & CSIE, Sys Admin / Security Engineer
Global Science and Technology (GST)
jbeck@xxxxxxxxxxx
Phone: 202.479.9030 #427

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________

Pam-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/pam-list
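
An added example, not part of the original message: a check of the two client-side settings that decide whether nss_ldap can return posixGroup entries such as the ones described above, namely the `group` line in nsswitch.conf and the group search base in ldap.conf. The nsswitch.conf content and the `ou=Groups` container are assumptions, since the message shows neither.

```python
import re

# Constructed sample: the page does not show nsswitch.conf.
NSSWITCH = "passwd: files ldap\nshadow: files ldap\ngroup:  files\n"
# Search-base line as posted in the message's ldap.conf.
LDAP_CONF = "base ou=People,dc=ourname,dc=com\nssl no\n"
# Assumption: the page does not say where the posixGroup entries live.
GROUP_CONTAINER = "ou=Groups,dc=ourname,dc=com"

def active_lines(text):
    """Yield the non-blank, non-comment lines of a config file."""
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#"):
            yield line

def nss_sources(nsswitch_text, database):
    """Sources listed for one nsswitch.conf database, action specs dropped."""
    for line in active_lines(nsswitch_text):
        name, sep, rest = line.partition(":")
        if sep and name.strip() == database:
            return re.sub(r"\[[^\]]*\]", " ", rest).split()
    return []

def ldap_options(ldap_conf_text):
    """First occurrence of each ldap.conf keyword, keys lower-cased."""
    opts = {}
    for line in active_lines(ldap_conf_text):
        parts = line.split(None, 1)
        opts.setdefault(parts[0].lower(), parts[1] if len(parts) > 1 else "")
    return opts

def is_under(dn, container):
    """True if dn is the container or below it (naive: no escaped commas)."""
    norm = lambda d: ",".join(p.strip().lower() for p in d.split(","))
    dn, container = norm(dn), norm(container)
    return dn == container or dn.endswith("," + container)

def group_lookup_findings(nsswitch_text, ldap_conf_text, group_container):
    """List reasons nss_ldap would not return the posixGroup entries."""
    findings = []
    if "ldap" not in nss_sources(nsswitch_text, "group"):
        findings.append("nsswitch.conf: 'group' does not consult ldap")
    opts = ldap_options(ldap_conf_text)
    # nss_base_group overrides base; drop its optional ?scope?filter suffix.
    start = opts.get("nss_base_group", opts.get("base", "")).split("?")[0]
    if not start or not is_under(group_container, start):
        findings.append(f"ldap.conf: group search base '{start}' does not cover {group_container}")
    return findings
```

On a client, feed it the contents of /etc/nsswitch.conf and /etc/ldap.conf and compare the result with what `id <user>` and `getent group` report.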
