[Samba] ldap authentication without 'ldap filter' parameter

William Jojo jojowil at hvcc.edu
Wed Feb 8 12:12:04 GMT 2006


----- Original Message ----- 
From: "Norbert Gomes" <norbert.gomes at orleans-tours.iufm.fr>
To: "samba" <samba at lists.samba.org>
Sent: Wednesday, February 08, 2006 5:46 AM
Subject: [Samba] ldap authentication without 'ldap filter' parameter


> Hello
>
> I'm trying to update samba from 3.0.11 to 3.0.21 and I noticed that the
> 'ldap filter' parameter has been removed.
> After some searching, I read that I have to configure nss_ldap. But I don't
> know how to configure it properly to operate with our LDAP database.
>
> Let me explain :
>
> We used the 'ldap filter' parameter like this :
>
>     ldap filter = (&(iufmLogin=%u)(gecos=#*))
>

Well, I understand your position. Tree management can be tough.

What you could look at if you are using OpenLDAP is:

http://www.openldap.org/software/man.cgi?query=slapo-rwm&sektion=5&apropos=0&manpath=OpenLDAP+2.3-Release

This is the rewrite module. It allows you to remap attributes and create
conditional changes to client searches and server replies. It works for
updates as well, so it's not just smoke and mirrors. This *might* help you
out of your jam.

I looked at this for our installation (we have a single tree that's used
among several DCs with trusts), but with the impending changes for
enumerating group RIDs, our own use of group mappings, future AD (read Samba
4) implementation and other political considerations, I've decided to script
a tree transform instead.


Cheers,

Bill


>
> Our authentication is based on the 'iufmLogin' attribute (we cannot use
> the 'uid' attribute) and the gecos has to start with the '#' character
> for the user to be authenticated.
>
> But my problem is that I can't configure the /etc/ldap.conf file to use
> these filters.
>
> I tried to put this in the /etc/ldap.conf file :
>
> pam_filter iufmLogin=%s
> pam_login_attribute iufmLogin
>
> But the system seems to ignore these filters and it only uses the 'uid'
> attribute when I try the 'getent passwd' command.
>
> Can someone explain to me how to do this correctly ?
>
> Thanks
>
>
> Norbert Gomes
>
>
>
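
The removed 'ldap filter' line in this thread also acted as an access check (only entries whose gecos starts with '#' could authenticate), so whatever replaces it has to keep that condition. The sketch below is an added example, not Bill's script or anything from the Samba project: one possible form of a scripted tree transform that copies only the permitted users into a separate branch with the iufmLogin value as uid. The target branch, DNs and sample entries are constructed, and the LDIF parser handles only unfolded, non-base64 lines.

```python
# Added example, not from the thread. DNs, base and sample data are constructed.
SAMPLE_LDIF = """\
dn: cn=Alice Martin,ou=people,dc=example,dc=org
uid: 10432
iufmLogin: amartin
gecos: #Alice Martin

dn: cn=Bob Petit,ou=people,dc=example,dc=org
uid: 10433
iufmLogin: bpetit
gecos: Bob Petit
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64 values) into dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            attr, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                entry.setdefault(attr, []).append(value)
        entries.append(entry)
    return entries

def escape_rdn(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    body = "".join("\\" + c if c in ',+"\\<>;=' else c for c in value)
    if value[:1] in (" ", "#"):
        body = "\\" + body
    if len(value) > 1 and value.endswith(" "):
        body = body[:-1] + "\\ "
    return body

def allowed(entry):
    """Same test as (&(iufmLogin=*)(gecos=#*)) from the old 'ldap filter'."""
    return bool(entry.get("iufmLogin")) and any(
        g.startswith("#") for g in entry.get("gecos", []))

def transform(entries, base="ou=samba,dc=example,dc=org"):
    """Copy allowed users to `base`, using the iufmLogin value as uid."""
    out = []
    for e in filter(allowed, entries):  # rejected users are not copied
        login = e["iufmLogin"][0]
        new = {"dn": [f"uid={escape_rdn(login)},{base}"], "uid": [login]}
        new.update((k, list(v)) for k, v in e.items()
                   if k not in ("dn", "uid", "iufmLogin"))
        out.append(new)
    return out
```

Pointing Samba and nss_ldap at the transformed branch means a stock uid lookup only ever sees accounts that passed the old filter; the transform has to be re-run whenever gecos or iufmLogin changes in the source tree.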


