
I have PAM+LDAP SSL running on Debian Lenny, and it works well. I always want to restrict who's able to connect; in the past I used pam_groupdn for that, but I recently got a situation where I had to accept 2 different groups. So I used pam_filter like this:

pam_filter |(groupattribute=server)(groupattribute=restricted_server)

The problem is that with this statement, passwd doesn't work anymore with LDAP accounts.

Any idea why?

Please find hereby some links to my config files:
Since serverfault.com only allows me to post 1 link, please find hereunder the link to the other conf files: http://pastebin.org/447148

Many thanks in advance :)

1 Answer

I have not used pam_filter, but the usual LDAP query would in my opinion be

pam_filter (|(groupattribute=server)(groupattribute=restricted_server))

instead of

pam_filter |(groupattribute=server)(groupattribute=restricted_server)

you posted. Notice the extra parentheses.

Janne Pikkarainen