Bug 782969 - Allow for simple username in pam_member_attribute
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: nss_ldap
Version: 5.8
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: rc
Assignee: Nalin Dahyabhai
QA Contact: BaseOS QE Security Team
URL: http://bugzilla.padl.com/show_bug.cgi...
Blocks: 784707
Reported: 2012-01-19 00:11 UTC by Emerson Kfuri
Modified: 2012-03-21 22:44 UTC (History)

Doc Type: Bug Fix
: 784707 (view as bug list)
Last Closed: 2012-03-21 22:44:53 UTC


Attachments
Joerg Dorchain's patch to handle with a non-dn member (2.35 KB, patch)
2012-01-19 00:11 UTC, Emerson Kfuri

Description Emerson Kfuri 2012-01-19 00:11:15 UTC
Created attachment 556141
Joerg Dorchain's patch to handle with a non-dn member

The value of pam_member_attribute is always compared to a DN. If the value is, for example, memberUid (posixGroup), the comparison should be made with the username.

I found this patch in a Debian forum that allows the administrator to choose whether to make the comparison by DN or username.

Ref.: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341541

I think it would be interesting to incorporate this solution in nss_ldap on RHEL.

Thank you for your attention

Emerson Kfuri

Comment 1 Nalin Dahyabhai 2012-01-25 21:21:00 UTC
At this stage in the lifetime of RHEL 5, I don't know that we're going to add new features to this package, but I'll clone it for the later release.

Comment 2 RHEL Program Management 2012-03-21 22:44:53 UTC
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.

