[Samba] use of pam_filter with LDAP

Norbert Gomes norbert.gomes at orleans-tours.iufm.fr
Mon Nov 5 15:05:46 GMT 2007


I would like to use pam filters to authenticate users on LDAP 2.3 with
Samba-3.0.26a on Fedora Core 7.
For information, Samba is compiled with the --with-ldapsam option (2.0
LDAP schema).

Basic LDAP authentication works well, when I type 'getent passwd', all 
my users are displayed.

Now I want to use the pam_filter option in the /etc/ldap.conf file, but
I can't make it work:

For example, with pam_filter objectclass=supannPerson, getent passwd
returns the same list as when I don't use the filters.

- Here's the ldap.conf file:

base dc=tata,dc=toto,dc=fr
binddn cn=XXXXX,dc=tata,dc=toto,dc=fr
bindpw XXXXXX

scope sub

pam_filter objectclass=supannPerson

# We don't use the uid attribute to authenticate the users
nss_map_attribute uid iufmLogin

# Default options
port 389
timelimit 120
bind_timelimit 120
idle_timelimit 3600
uri ldap://
ssl no
tls_cacertdir /etc/openldap/cacerts
pam_password md5

- Here's the nsswitch.conf file:

passwd:     files ldap
shadow:     files ldap
group:      files ldap

- Here's the [global] section of the smb.conf (only the ldap options):


        # LDAP parameters
        ldap admin dn=cn=XXXXX,dc=tata,dc=toto,dc=fr
        ldap ssl = no
        # OLD directive ldap filter :
        #ldap filter = (&(iufmLogin=%u)(gecos=#*))


Can anyone help me with the use of the pam_filter option?



