Hello,

I've added a new machine (desktop used by many users) to a network that uses LDAP (pam_ldap) for authentication. Can anyone post relevant configs to limit users by a groupOfNames? I've googled extensively and have found some partial comments, but no complete config examples or howto's.

The issue is as follows:
All users have one primary GID in their posixAccount entries, which is used to control access to the existing machines. So it's not really possible to change this. Now, I need to limit access to this new machine to a specific subset of users, all members of a specific groupOfNames.

I can't seem to get pam_ldap to use a groupOfNames instead of a posixGroup.

Any suggestions?

Thanks,
Jason

forget ldap attributes within pam, it's possible, but it's better to do it with generic access. If your LDAP mappings for passwd and group are set up OK, then you'll already know who is in what group in exactly the same way as any local user, meaning you can then just adjust your /etc/security/access.conf and such totally independently to the user database you have.