
Re: [Nufw-users] NuAuth and the LDAP login attribute


From: Eric Leblond
Subject: Re: [Nufw-users] NuAuth and the LDAP login attribute
Date: Sat, 23 Sep 2006 12:47:10 +0200

Hi,

First of all, could you subscribe to the list?

On Friday 22 September 2006 at 18:05 +0200, Christophe Nowicki
wrote:
> Hi,
> 
> I've found an issue with NuAuth and LDAP authentication.
> The LDAP attribute used for user authentication is hard-coded in the
> source code:
> 
> Sep 22 17:51:13 ldap slapd[15650]: conn=1096 op=1 SRCH
> base="ou=people,dc=network,dc=com" scope=2 deref=0
> filter="(&(objectClass=NuAccount)(cn=cscm))"
> 
> As you can see, nuauth is using cn=<user_name> when looking for a user.
> But my company is using uid as a prefix (uid=<user_name>).
> You should give the possibility to configure the login attribute from the
> nuauth.conf file:
> 
>    ldap_login_attr=cn

This is a well-known issue. In fact, user authentication in the LDAP
module has to be used with the provided schema and when there is no
users directory available. The main issue is not about the login attribute
but about group storage which is done in the user object and not in
separate objects.

If you want to interact with an existing LDAP directory, you should use
the system module and configure PAM to have nuauth authenticate via
LDAP.

BR,
-- 
Eric Leblond <address@hidden>
NuFW, Now User Filtering Works : http://www.nufw.org

Attachment: signature.asc
Description: This is a digitally signed message part
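
The search filter in the quoted slapd log, rebuilt with a configurable login attribute, as an added example that is not part of either message and not NuFW code. The function names are hypothetical, and the attribute argument stands in for the `ldap_login_attr` option proposed in the thread. Because the user name is placed inside the filter, the sketch escapes it per RFC 4515 and restricts the attribute name to letters, digits and `-`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Attribute name from configuration: a letter, then letters, digits or '-'. */
static int valid_attr(const char *a)
{
    if (!a || !isalpha((unsigned char)a[0])) return 0;
    for (; *a; a++)
        if (!isalnum((unsigned char)*a) && *a != '-') return 0;
    return 1;
}

/* RFC 4515 escaping of the user-supplied value: * ( ) \ become \XX. */
static int escape_value(const char *in, char *out, size_t outlen)
{
    size_t o = 0;
    if (outlen == 0) return -1;
    for (; *in; in++) {
        unsigned char c = (unsigned char)*in;
        if (c == '*' || c == '(' || c == ')' || c == '\\') {
            if (o + 3 >= outlen) return -1;   /* 3 chars plus terminator */
            o += (size_t)snprintf(out + o, outlen - o, "\\%02x", c);
        } else {
            if (o + 1 >= outlen) return -1;
            out[o++] = (char)c;
        }
    }
    out[o] = '\0';
    return 0;
}

/* Returns 0 and fills out, or -1 on bad attribute, empty user or overflow. */
int build_user_filter(const char *attr, const char *user, char *out, size_t len)
{
    char esc[256];
    if (!valid_attr(attr) || !user || !*user) return -1;
    if (escape_value(user, esc, sizeof esc) != 0) return -1;
    int n = snprintf(out, len, "(&(objectClass=NuAccount)(%s=%s))", attr, esc);
    return (n < 0 || (size_t)n >= len) ? -1 : 0;
}

int main(void)
{
    char f[512];
    /* Constructed sample input: the user name from the log, looked up by uid. */
    if (build_user_filter("uid", "cscm", f, sizeof f) == 0) puts(f);
    return 0;
}
```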

