On Thu, 11 Oct 2007, Jorge Delacruz wrote:

>   Anyone ever hear of such a module or means that will reject logins if 
> a user is not in the right group?  The users are authenticated against 
> LDAP, not local files.  This is an access control (authorization) issue, 
> not an authentication issue.

If you are using ssh server for logins, have a look at OpenSSH's 
DenyGroups and AllowGroups configurations. OpenSSH uses getpwnam(3) to get 
the details for the user to-be logged in.

So use nsswitch to use ldap for group (and other databases). Also setup 
PAM to use pam_ldap.so also.

  Jeremy C. Reed
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss