
Groups authentication with PAM_LDAP


Stephan Cohen

Sep 16, 2003, 12:12:12 PM
Hello all,

I'm trying to set up group authentication under pam_ldap.
My users are located in an LDAP directory, which is represented below:

dc=acme,dc=org
  ou=groups
    cn=group1
      gid=501
    cn=group2
      gid=502
  ou=users
    cn=user1_cn
      uid=user1
      password=secret1
      homedirectory=/home/user1/
      gidnumber=501
    cn=user2_cn
      uid=user2
      password=secret2
      homedirectory=/home/user2/
      gidnumber=502

I'm using nss_ldap and pam_ldap in order to match the login and
password, from the directory (I map the attributes to find them in the
good tree).


I would like to set up the authentication by groups (and put the
parameters in each server), in order to have:
user 1: can access 0 servers
user 2: can access serv1 and serv2
user 3: can access serv1

Does anyone have an idea?

I've tried to set up the "pam_require" module, which would do exactly
what I need, but it doesn't work at all (I've checked the compilation,
and if I remove the module from my /etc/security directory, I've got
an error, but otherwise, it seems transparent).

Here is the copy from my /etc/pam.d/ssh file:
auth required /lib/security/pam_securetty.so
auth required /lib/security/pam_nologin.so
auth sufficient /lib/security/pam_ldap.so
auth required /lib/security/pam_unix_auth.so try_first_pass

account sufficient /lib/security/pam_ldap.so
account required /lib/security/pam_unix_acct.so
account required /lib/security/pm_require.so user1

password required /lib/security/pam_cracklib.so
#password required /lib/security/pam_ldap.so
password sufficient /lib/security/pam_ldap.so
password required /lib/security/pam_pwdb.so use_first_pass

session required /lib/security/pam_unix_session.so
#session optional /lib/security/pam_console.so

I'm working under:
Linux Red Hat 8.0, pam_ldap, nss_ldap, pam_require 0.2

Thanks to all

Stéphan
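
An added example, not part of the original post: a simplified Python model of how Linux-PAM evaluates the `sufficient` and `required` control flags, run over the account stack in the order posted above. The module results are constructed assumptions (pam_ldap accepts the account, pam_require accepts or rejects it), and the reordered stack is a hypothetical illustration, not a tested configuration.

```python
# Simplified model of how Linux-PAM walks one stack (here: "account").
# Module results are constructed inputs, not output from real modules.

def run_stack(stack, results):
    """stack: [(control, module)], results: {module: True/False}.
    Returns (allowed, modules_called_in_order)."""
    called, required_failed, any_success = [], False, False
    for control, module in stack:
        called.append(module)
        ok = results[module]
        if control == "requisite" and not ok:
            return False, called              # fails at once
        if control == "sufficient":
            if ok and not required_failed:
                return True, called           # succeeds at once, later lines never run
            continue                          # a failing "sufficient" is ignored
        if control in ("required", "requisite"):
            any_success = any_success or ok
            required_failed = required_failed or not ok   # remembered, stack continues
        elif control != "optional":
            raise ValueError(f"unknown control flag: {control}")
    return any_success and not required_failed, called

# Account stack in the order posted above.
POSTED = [("sufficient", "pam_ldap"),
          ("required", "pam_unix_acct"),
          ("required", "pam_require")]

# Hypothetical reordering: the access check runs before any "sufficient" line.
REORDERED = [("required", "pam_require"),
             ("sufficient", "pam_ldap"),
             ("required", "pam_unix_acct")]

# Constructed results: an LDAP account that pam_require would reject / accept.
DENIED = {"pam_ldap": True, "pam_unix_acct": True, "pam_require": False}
PERMITTED = {"pam_ldap": True, "pam_unix_acct": True, "pam_require": True}

if __name__ == "__main__":
    for name, stack in (("posted", POSTED), ("reordered", REORDERED)):
        for label, results in (("denied", DENIED), ("permitted", PERMITTED)):
            print(name, label, run_stack(stack, results))
```

In the posted order the model returns success after pam_ldap alone, so the pam_require line is never consulted, which matches the "transparent" behaviour described in the post.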
