# NSS-PAM-LDAPd (nslcd)



## Leander (Sep 10, 2014)

Hi,

I'm trying to manipulate the LDAP shell attribute of a posix account user if in a certain group

Pseudo code would look like:

```
if ( $USER is not in group SYS_LOGIN); then
    shell=/usr/sbin/nologin
fi
```

Or more specific for /usr/local/etc/nslcd.conf

```
map shell=/usr/sbin/nologin !(&(objectClass=posixGroup)(cn=${SERVERNAME,,})(memberUid=\$username))
```

I was hoping the parameters filter or map would be helpful with this .. but I'm totally in the dark with this thus far 
Any help would be appreaciated

Thanks


----------

