Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 5 product line. The current stable release is 5.10. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 782969

Summary: Allow for simple username in pam_member_attribute
Product: Red Hat Enterprise Linux 5 Reporter: Emerson Kfuri <emersonkfuri>
Component: nss_ldapAssignee: Nalin Dahyabhai <nalin>
Status: CLOSED WONTFIX QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium Docs Contact:
Priority: unspecified    
Version: 5.8CC: dpal, jhrozek, jplans, prc
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
URL: http://bugzilla.padl.com/show_bug.cgi?id=238
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 784707 (view as bug list) Environment:
Last Closed: 2012-03-21 22:44:53 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 784707    
Attachments:
Description Flags
Joerg Dorchain's patch to handle with a non-dn member none

Description Emerson Kfuri 2012-01-19 00:11:15 UTC 
Created attachment 556141 [details]
Joerg Dorchain's patch to handle with a non-dn member

The value of pam_member_attribute is always compared to a DN. If the value is for example memberUid (posixGroup), the comparison should be made ​​with the username.

I found this patch in Debian forum that allows the administrator to choose whether to make the comparison by DN or username.

Ref.: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341541

I think it would be interesting to incorporate this solution in nss_ldap on RHEL.

Thank you for your attention

Emerson Kfuri
Comment 1 Nalin Dahyabhai 2012-01-25 21:21:00 UTC 
At this stage in the lifetime of RHEL 5, I don't know that we're going to add new features to this package, but I'll clone it for the later release.
Comment 2 RHEL Program Management 2012-03-21 22:44:53 UTC 
Development Management has reviewed and declined this request.
You may appeal this decision by reopening this request.