Hi,
Just looking for confirmation: Anyone using Fedora Core 1 with 'pam_groupdn' enabled in the ldap.conf file? I've used this before on RH 9 without a problem, but now I'm not even seeing any searches going to my LDAP server at all with regard to the value in pam_groupdn. It's as if the value is being completely ignored. No errors either.
No help with pam_groupdn, but if what you're trying to accomplish is, for example, to only allow administrative ssh access to a server, you might want to try something like the following instead:
Add the following line into /etc/pam.d/sshd

    account required pam_access.so

(also into telnetd and any other services you want to restrict)
Add the following list to /etc/security/access.conf

    -:ALL EXCEPT wheel itgroup:ALL

Where 'itgroup' is a POSIX group containing your allowed users, possibly stored in LDAP.
I dimly recall playing with pam_groupdn for a while then abandoning those efforts in favor of this approach.
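
An added example, not part of the original messages: a dry run of the access.conf rule above against a few accounts, so you can see who would be locked out before enabling pam_access. It is a simplified model of pam_access matching (only ALL, EXCEPT and plain user or group names; the origin field matches only ALL), and the account names and group memberships are constructed.

```python
# Simplified model of pam_access rule evaluation (assumption: this is not
# pam_access itself; it covers ALL, EXCEPT and plain user/group tokens only).

RULES = "-:ALL EXCEPT wheel itgroup:ALL"   # the rule from the reply above

def list_match(tokens, matches):
    """Items before EXCEPT must match; the list after EXCEPT must not."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, tail = tokens[:i], tokens[i + 1:]
    else:
        head, tail = tokens, None
    if not any(matches(t) for t in head):
        return False
    return tail is None or not list_match(tail, matches)

def parse_rules(text):
    """Parse 'permission:users:origins' lines, skipping blanks and comments."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        perm, users, origins = (f.strip() for f in line.split(":", 2))
        if perm not in ("+", "-"):
            raise ValueError(f"bad permission field in: {line!r}")
        rules.append((perm == "+", users.split(), origins.split()))
    return rules

def is_allowed(rules, user, groups):
    """First matching rule decides; no matching rule means access is granted."""
    user_ok = lambda t: t == "ALL" or t == user or t in groups
    origin_ok = lambda t: t == "ALL"       # model limitation: ALL origins only
    for allow, users, origins in rules:
        if list_match(users, user_ok) and list_match(origins, origin_ok):
            return allow
    return True

def dry_run(rule_text, accounts):
    """Map each account name to True (allowed) or False (denied)."""
    rules = parse_rules(rule_text)
    return {name: is_allowed(rules, name, grps) for name, grps in accounts.items()}

# Constructed accounts: name -> set of POSIX groups (local or from LDAP).
ACCOUNTS = {"alice": {"itgroup"}, "carol": {"wheel", "users"}, "bob": {"users"}}

if __name__ == "__main__":
    for name, ok in dry_run(RULES, ACCOUNTS).items():
        print(f"{name}: {'allowed' if ok else 'DENIED'}")
```

Run it with the group memberships you expect from LDAP and confirm at least one administrative account comes out allowed before adding the pam_access line to a remote host's sshd stack.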