tags 292030 + patch thanks
Hi,
I have made a small patch that changes the behavior of pam_acct_mgmt when memberUid is used as pam_member_attribute.
Regards, Mikael Magnusson
diff -u libpam-ldap-169/pam_ldap.c libpam-ldap-169/pam_ldap.c
--- libpam-ldap-169/pam_ldap.c
+++ libpam-ldap-169/pam_ldap.c
@@ -3662,11 +3662,17 @@
} /* password expired */ /* group auth, per Chris's pam_ldap_auth module */
- if (session->conf->groupdn != NULL)
+ if (rc == success && session->conf->groupdn != NULL)
{
+ const char *value = session->info->userdn;
+
+ if (strcasecmp(session->conf->groupattr, "memberUid") == 0) {
+ value = username;
+ }
+
rc = ldap_compare_s (session->ld,
session->conf->groupdn,
- session->conf->groupattr, session->info->userdn);
+ session->conf->groupattr, value);
if (rc != LDAP_COMPARE_TRUE)
{
snprintf (buf, sizeof buf, "You must be a %s of %s to login.",
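Review bot: The new guard `rc == success &&` makes the group-membership test depend on whatever `rc` holds from the code above the hunk, so any earlier path that leaves `rc` at a non-success value without returning (the password-expiry handling just above looks like a candidate, but it is outside the hunk) would skip the `ldap_compare_s` call and with it the group restriction. Unless every such path already returns a denial, keep the check unconditional, `if (session->conf->groupdn != NULL)`, and have the author confirm what `success` refers to, since it is not defined in the visible lines. Separately, `strcasecmp (session->conf->groupattr, "memberUid")` dereferences `groupattr` before anything in the hunk shows it is non-NULL; adding `session->conf->groupattr != NULL &&` to that condition would make the assumption explicit. The `memberUid` branch compares the PAM-supplied `username` rather than a value read from the directory entry, so a comment stating that the login name is expected to equal the entry's uid would help. The enclosing function starts and ends outside the hunk.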

