You are building a server which will authenticate users using the pam_ldap module. In addition to possessing a valid account, you only want to allow logins by users who are members of a certain group. Which parameter in ldap.conf will allow you to specify a filter string to be ANDed with the login attribute when validating a user? (Enter only the parameter without any options or values)
Answer: PAM_FILTER
Wrong !
Can you explain why?
It’s correct … pam_filter objectClass=posixAccount is ANded with pam_login_attribute uid … to select the user.
Both nss_ldap and pam_ldap use the /etc/ldap.conf to connect with slapd.
pam_filter is correct!
(Enter only the parameter without any options or values)
I choose