# LDAP setting up group restriction with pam_groupdn



## htandra (Dec 10, 2013)

Hi everyone,

I spent a lot of time and finally got a FreeBSD LDAP client connected to Apple OD master. The basic authentication for all users is working. I am able to ssh into the FreeBSD server with OD user accounts but I am unable to configure pam_groupdn to restrict authentication for members of a particular group. As per FreeBSD documentation:


> if you have pam_groupdn cn=servername,ou=accessgroups,dc=example,dc=org
> in ldap.conf, then only members of that group will be able to log in. There are a few things to bear in mind, however.
> *Members of this group are specified in one or more memberUid attributes, and each attribute must have the full distinguished name of the member. So memberUid: someuser will not work; it must be: memberUid: uid=someuser,ou=people,dc=example,dc=org*



But Apple OD stores only UIDs in the memberUid field. Is there a workaround for this? If anyone has any ideas please let me know. I appreciate the help. 

Regards,
ht.
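
To check which memberUid values would satisfy the rule quoted from the FreeBSD documentation, the following added example (not part of the original post) parses an LDIF export of the group entry and tests membership by full DN. The LDIF samples are constructed, the function names are hypothetical, and the DN comparison is a simplified normalisation, not pam_ldap's own matching.

```python
import base64
import re

USER_DN = "uid=someuser,ou=people,dc=example,dc=org"

# Constructed sample: group entry holding bare UIDs, as the post describes for Apple OD.
OD_STYLE = """dn: cn=servername,ou=accessgroups,dc=example,dc=org
cn: servername
memberUid: someuser
memberUid: otheruser
"""

# Constructed sample: full-DN members, one folded across lines, one base64-encoded.
DN_STYLE = (
    "dn: cn=servername,ou=accessgroups,dc=example,dc=org\n"
    "cn: servername\n"
    "memberUid: uid=someuser,ou=people,\n dc=example,dc=org\n"
    "memberUid:: "
    + base64.b64encode(b"uid=otheruser,ou=people,dc=example,dc=org").decode()
    + "\n"
)

def parse_ldif_entry(ldif):
    """Return {attr_lower: [values]} for one LDIF entry (folding and base64 handled)."""
    unfolded = re.sub(r"\r?\n ", "", ldif.strip())  # continuation lines start with one space
    entry = {}
    for line in unfolded.splitlines():
        if not line or line.startswith("#"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):  # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        entry.setdefault(attr.strip().lower(), []).append(value.strip())
    return entry

def norm_dn(dn):
    """Simplified DN normalisation: lowercase, no spaces around ',' and '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip().lower())

def looks_like_dn(value):
    return re.match(r"^[A-Za-z][\w.-]*\s*=.+", value) is not None

def audit_group(ldif, user_dn, member_attr="memberUid"):
    """Report whether user_dn is listed by full DN, and which values are bare names."""
    values = parse_ldif_entry(ldif).get(member_attr.lower(), [])
    bare = [v for v in values if not looks_like_dn(v)]
    allowed = norm_dn(user_dn) in {norm_dn(v) for v in values if looks_like_dn(v)}
    return {"allowed": allowed, "bare_values": bare}
```

Calling `audit_group(OD_STYLE, USER_DN)` reports the user as not allowed and lists both bare values, which is the mismatch described in the post.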


----------

