[Mageia-sysadm] Usernames, uids, and groups

Buchan Milne bgmilne at multilinks.com
Tue Nov 9 14:28:30 CET 2010


On Tuesday, 9 November 2010 07:53:42 Luca Berra wrote:
> On Mon, Nov 08, 2010 at 05:29:24PM +0100, nicolas vigier wrote:
> >Hello,
> >
> >On some machines like the svn server, we need to use pam_ldap to allow
> >users access with their ldap accounts. But on other servers like
> >alamut (web services), or the build nodes, normal users have no reason
> >to login. On those servers, do you think we should restrict access with
> >ssh configuration and a group, or disable pam_ldap completely on those
> >servers and only use local accounts?
> 
> you should be able to configure nss_ldap/pam_ldap to only allow certain
> users/group (pam_filter directive)

pam_groupdn may be better, unless we use memberOf (e.g. slapo-memberof).

> unfortunately pam_ldap does not allow storing its configuration in ldap,

slapd+nssov allows this ... but it isn't trivial, and I haven't played with it 
much.

Regards,
Buchan
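
The per-host restriction options named in this thread, side by side, as an added example that is not part of the original message or the Mageia configuration. The group name `alamut-login` and the `dc=example,dc=org` suffix are constructed placeholders, and `/etc/ldap.conf` is assumed as the pam_ldap configuration path.

```conf
# Constructed example: every DN and group name below is a placeholder.

# --- Option A: pam_groupdn (pam_ldap config, assumed /etc/ldap.conf) ---
# pam_ldap's account check passes only if the user's DN is a value of
# pam_member_attribute on this single group entry. The PAM "account"
# stack of the service must call pam_ldap.so for this to be enforced.
pam_groupdn cn=alamut-login,ou=Group,dc=example,dc=org
# Must match the attribute the group entry really uses
# (member for groupOfNames, uniqueMember for groupOfUniqueNames).
pam_member_attribute member

# --- Option B: pam_filter with memberOf (same file) ---
# Needs the slapo-memberof overlay on the server so that user entries
# carry memberOf. The filter is ANDed with the login-attribute match,
# so a user outside the group is not found at all.
#pam_filter memberOf=cn=alamut-login,ou=Group,dc=example,dc=org

# --- Option C: restriction at the SSH layer (sshd_config, separate file) ---
# Matches the group names NSS resolves for the user; covers sshd only,
# not other PAM services on the host.
#AllowGroups alamut-login

# Not restricted by A or B: nss_ldap still resolves every LDAP user and
# group on the host (getent, file ownership); only PAM access is limited.
```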

