Further thoughts? Can I harness the ability to connect to get the data out
even when I don't know the first thing about the data I want to fetch,
similar to the slapcat command above?
*if* you can connect to the LDAP server, then you can also fetch all the
data as LDIF. You just have
-Original Message-
From: openldap-technical-boun...@openldap.org [mailto:openldap-technical-boun...@openldap.org] On Behalf Of Gavin Henry
Sent: Tuesday, July 27, 2010 5:23 AM
To: Paul Harvey
Cc: openldap-technical@openldap.org
Subject: Re: How to check LDAP replication status?
You probably also want a line in the account section for pam_ldap.so.
I'm not as familiar with opie (know what it is, just haven't used it much), but
since it is set as requisite and before the ldap module, it's possibly failing
your auth stack if you don't have it set up properly. Test with it
Instead of that, look at changing the pam rules to include/exclude users based
on groups or attribs. libnss-ldap (pam_ldap?) has a pam_filter line that lets
you specify a filter for that host based on an ldap search (ie: pam_filter
host=radar would only allow users with a host attribute set