Hi,
we are using the "historical" configuration but we do not use the CLI/UI tools to make the changes. Our installation and configuration automated process uses ldapmodify with .ldif to configure all the necessary plugins and parameters.
Our config :
cn=PAM Pass Through Auth,cn=plugins,cn=config
...
nsslapd-pluginEnabled: on
nsslapd-pluginloadglobal: true
nsslapd-plugin-depends-on-type: database
pamMissingSuffix: ALLOW
pamExcludeSuffix: cn=config
pamIDMapMethod: ENTRY
pamIDAttr: uid
pamFallback: TRUE
pamSecure: TRUE
pamService: ldapserver
But it's absolutely not a problem if you change it to "child entry only" configuration placement, we will just need to change several lines of installation scripts.
Thanks for the heads up!
----- Mail original -----
> De: "General discussion list for the 389 Directory server, project." <389-users@lists.fedoraproject.org>
> À: "General discussion list for the 389 Directory server, project." <389-users@lists.fedoraproject.org>
> Cc: "Mark Reynolds" <mareynol@redhat.com>
> Envoyé: Mardi 20 Mai 2025 20:09:51
> Objet: [389-users] How are you using the PAM PTA plugin? Survey
> Hi Everyone,
>
> We are curious how everyone is using the PAM PTA plugin. There are
> basically two ways to configure the plugin, and they somewhat conflict
> with one another. Previous to 2012 you could only configure the plugin
> through the main plugin entry under cn=config:
>
> cn=PAM Pass Through Auth,cn=plugins,cn=config
>
> But after 2012 we added "config" child entries under the main plugin entry:
>
> cn=config, cn=PAM Pass Through Auth,cn=plugins,cn=config
>
> For backwards compatibility we still allowed users to use the main
> plugin entry although the child entry approach is what we wanted to use
> moving forward. So we've had this dual configuration approach and the
> CLI/UI weren't handling both correctly. Anyway we'd like to make this
> consistent and only allow the child entry config, but we'd like to know
> how everyone is using the PAM PTA plugin. Are you using the main config
> entry, or are you using the child entry approach?
>
> Thanks in advance for sharing your input!
>
> --
> Identity Management Development Team
>
> --
> _______________________________________________
> 389-users mailing list -- 389-users@lists.fedoraproject.org
> To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
_______________________________________________
389-users mailing list -- 389-users@lists.fedoraproject.org
To unsubscribe send an email to 389-users-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@lists.fedoraproject.org
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
No comments:
Post a Comment