On Wednesday, 1 August 2012 22:21:07 Qian Zhang wrote:
BTW, I do not know how to configure PAM to only allow a group or some
groups to login the machine, if anyone can tell me the steps, it will
be really appreciated!
This isn't specific to LDAP or any other nss plugin, but specific to PAM.
If your applications use getgrouplist(3), then you can't just ignore the
gidNumber (see the manpage for details) from the passwd database, but you
could change the gidNumber to match the secondary group if you're not
concerned about the default gidNumber.
If your applications are PAM aware,
(CCing the list)
On 08/03/12 11:31 +0800, Qian Zhang wrote:
I am just wondering if there is a well-known rule for this use case,
I'd like to follow the general acceptable way. So most of people think
user1 should not log into the machine in this case, I will ingore
gidNumber and only care about
Hi,
In my OpenLDAP server, it is possible to set a user as a member of a
group, but it has another group as its primary group (I am using LDAP
Admin as LDAP client tool). For example, in group1, I can see user1
as its memberUid attribute, but the gidNumber attribute of user1
is group2.
I'd like
Le 01/08/2012 16:21, Qian Zhang a écrit :
Hi,
In my OpenLDAP server, it is possible to set a user as a member of a
group, but it has another group as its primary group (I am using LDAP
Admin as LDAP client tool). For example, in group1, I can see user1
as its memberUid attribute, but the
On 08/01/12 22:21 +0800, Qian Zhang wrote:
Hi,
In my OpenLDAP server, it is possible to set a user as a member of a
group, but it has another group as its primary group (I am using LDAP
Admin as LDAP client tool). For example, in group1, I can see user1
as its memberUid attribute, but the
Thanks Dan!
Basically, I also have concern about the performance. Because in that
case, when figuring out how many users in a group, I need to not only
consider the group's membership (memberUID) attribute, but also user's
gidNumber attribute (I am trying to write a Java application talk to
my
On 08/01/12 10:00 -0500, Dan White wrote:
On 08/01/12 22:21 +0800, Qian Zhang wrote:
In my OpenLDAP server, it is possible to set a user as a member of a
group, but it has another group as its primary group (I am using LDAP
Admin as LDAP client tool). For example, in group1, I can see user1
as