+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">

+<HTML>

+ <HEAD>

+ <TITLE> [Mageia-dev] Help needed with ldap server.and gdm.

+ </TITLE>

+ <LINK REL="Index" HREF="index.html" >

+ <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Help%20needed%20with%20ldap%20server.and%20gdm.&In-Reply-To=%3C514EE849.6030800%40gmail.com%3E">

+ <META NAME="robots" CONTENT="index,nofollow">

+ <META http-equiv="Content-Type" content="text/html; charset=us-ascii">

+ <LINK REL="Previous" HREF="023757.html">

+ <LINK REL="Next" HREF="023763.html">

+ </HEAD>

+ <BODY BGCOLOR="#ffffff">

+ <H1>[Mageia-dev] Help needed with ldap server.and gdm.</H1>

+ <B>Guillaume Rousse</B>

+ <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Help%20needed%20with%20ldap%20server.and%20gdm.&In-Reply-To=%3C514EE849.6030800%40gmail.com%3E"

+ TITLE="[Mageia-dev] Help needed with ldap server.and gdm.">guillomovitch at gmail.com

+ </A><BR>

+ <I>Sun Mar 24 12:49:29 CET 2013</I>

+ <P><UL>

+ <LI>Previous message: <A HREF="023757.html">[Mageia-dev] Help needed with ldap server.and gdm.

+</A></li>

+ <LI>Next message: <A HREF="023763.html">[Mageia-dev] freeze push : snort

+</A></li>

+ <LI> <B>Messages sorted by:</B>

+ <a href="date.html#23772">[ date ]</a>

+ <a href="thread.html#23772">[ thread ]</a>

+ <a href="subject.html#23772">[ subject ]</a>

+ <a href="author.html#23772">[ author ]</a>

+ </LI>

+ </UL>

+ <HR>

+<!--beginarticle-->

+<PRE>Le 23/03/2013 21:41, David W. Hodgins a &#233;crit :

+&gt;<i> Any suggestions?

+</I>You're mixing issues here.

+

+pam only deals with authentication and authorization. The problem is not

+to make a choice from pam_unix, or pam_pwdb, or pam_tcb, but to express

+the fact than an user can authenticate from either local password

+database or ldap passwd database:

+auth sufficient pam_unix

+auth sufficient pam_ldap use_first_pass

+auth required pam_deny.so

+

+Most modules accept debug option to help troubleshooting.

+

+Once you resolved your authentication and authorization issues for both

+users (console login, su, whatever), you can deal with the list of

+people enumerated in gdm, but in gdm configuration.

+

+Also, the documentation you're using is a bit outdated:

+- bdb makes more sense today than ldbm as storage backend

+- ssha is a better choice than crypt for default password encoding scheme

+- using a rootdn with a password defined in slapd.conf is quite discussable

+- ACLs such as 'access to dn=&quot;.*,dc=mylan,dc=net&quot;' would better be

+defined as 'access to dn.subtree=&quot;dc=mylan,dc=net&quot;' (no regex involved)

+- examples given use rfc2307 schema, whereas rfc2307bis (group

+membership defined through dn, not uids) is a better choice

+- and more important: nss_ldap and pam_ldap are getting deprecated

+nowadays, in favor or nss_pam_slapd, or sssd.

+

+--

+BOFH excuse #235:

+

+The new frame relay network hasn't bedded down the software loop

+transmitter yet.

+</PRE>

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+

+<!--endarticle-->

+ <HR>

+ <P><UL>

+ <!--threads-->

+ <LI>Previous message: <A HREF="023757.html">[Mageia-dev] Help needed with ldap server.and gdm.

+</A></li>

+ <LI>Next message: <A HREF="023763.html">[Mageia-dev] freeze push : snort

+</A></li>

+ <LI> <B>Messages sorted by:</B>

+ <a href="date.html#23772">[ date ]</a>

+ <a href="thread.html#23772">[ thread ]</a>

+ <a href="subject.html#23772">[ subject ]</a>

+ <a href="author.html#23772">[ author ]</a>

+ </LI>

+ </UL>

+

+<hr>

+<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev

+mailing list</a><br>

+</body></html>