diff options
Diffstat (limited to 'modules/pam')
| -rw-r--r-- | modules/pam/templates/ldap.conf | 5 | ||||
| -rw-r--r-- | modules/pam/templates/system-auth | 1 |
2 files changed, 5 insertions, 1 deletions
diff --git a/modules/pam/templates/ldap.conf b/modules/pam/templates/ldap.conf index a1d751cf..5e550661 100644 --- a/modules/pam/templates/ldap.conf +++ b/modules/pam/templates/ldap.conf @@ -15,7 +15,10 @@ nss_map_attribute uniqueMember member sudoers_base ou=sudoers,<%= dc_suffix %> #sudoers_debug 2 -<% if restricted_shell %> +<%- +restricted_shell = scope.lookupvar('pam::multiple_ldap_access::restricted_shell') +if restricted_shell +-%> # for restricted access nss_override_attribute_value loginShell /usr/local/bin/sv_membersh.pl <% end %> diff --git a/modules/pam/templates/system-auth b/modules/pam/templates/system-auth index 4df9555e..de985687 100644 --- a/modules/pam/templates/system-auth +++ b/modules/pam/templates/system-auth @@ -11,6 +11,7 @@ auth required pam_deny.so account sufficient pam_localuser.so # not sure if the following bring something useful account required pam_ldap.so +<%- access_classes = scope.lookupvar('pam::multiple_ldap_access::access_classes') -%> <%- if access_classes -%> <%- access_classes.each { |ldap_group| -%> account sufficient pam_succeed_if.so quiet user ingroup <%= ldap_group %> |