LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Administering LDAP-UX Client Services
PAM_AUTHZ Login Authorization Enhancement
Chapter 4
Table 4-1 Field Syntax in an Access Rule (Continued)

| <action> | <type> | <object> |
|---|---|---|
| deny, allow | unix_group | A list of group names. It can be a multi-valued field. Each value is a character string, and values are separated by the separator "," (ASCII 2C hex). Example: group1, group2, group3 |
| deny, allow | netgroup | A list of netgroup names. It can be a multi-valued field. Each value is a character string, and values are separated by the separator "," (ASCII 2C hex). Example: netgroup1, netgroup2, netgroup3 |
| deny, allow | ldap_group | The distinguished name (DN) of an LDAP group with the groupofnames or groupofuniquenames objectclass. It is a single-valued field. No separator is required. The syntax of a DN is defined in RFC 2253. Example: cn=ldapgroup1,cn=groups,dc=mydomain,dc=com |
| deny, allow | ldap_filter | A single search descriptor that specifies one or more (attribute=value) pairs. It is a single-valued field. Only one search filter is allowed. No separator is required. The syntax of a search filter is defined in RFC 2254. Example: (&(manager=Joeh)(department=sales)) |
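The field rules in Table 4-1 can be checked before a rule is deployed. The following is an added example, not code from this guide or from LDAP-UX: the function names are hypothetical, the three fields are passed separately as an assumption of the example, and the DN and filter checks are structural only, not full RFC 2253/2254 parsers.

```python
import re

# Field rules come from Table 4-1 above. Function names are hypothetical, and
# passing the three fields separately is this example's assumption.
ACTIONS = {"allow", "deny"}
LIST_TYPES = {"unix_group", "netgroup"}            # comma-separated, multi-valued
_NAME = re.compile(r"^[^\s,()=]+$")
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")   # descriptor-style attribute names only
_ITEM = re.compile(r"\([^()=\x00]+=[^()\x00]+\)")  # one (attribute=value) pair
_GROUP = re.compile(r"\([&|]\x00+\)|\(!\x00\)")    # (&...), (|...), (!...)

def filter_is_wellformed(flt):
    """Collapse pairs and groups to a NUL token; one valid filter leaves one token."""
    s, prev = flt.strip(), None
    if "\x00" in s:
        return False
    while s != prev:
        prev = s
        s = _GROUP.sub("\x00", _ITEM.sub("\x00", s))
    return s == "\x00"

def validate_rule(action, rtype, obj):
    """Return a list of problems; an empty list means the fields fit the table."""
    problems = []
    if action not in ACTIONS:
        problems.append(f"action must be allow or deny, got {action!r}")
    if rtype in LIST_TYPES:
        for name in obj.split(","):
            if not _NAME.match(name.strip()):
                problems.append(f"empty or malformed list entry: {name!r}")
    elif rtype == "ldap_group":
        # Split on commas that are not backslash-escaped, then check each RDN.
        if not all(_RDN.match(p.strip()) for p in re.split(r"(?<!\\),", obj)):
            problems.append("object is not a well-formed DN")
    elif rtype == "ldap_filter":
        if not filter_is_wellformed(obj):
            problems.append("object is not exactly one well-formed search filter")
    else:
        problems.append(f"type not covered by this part of the table: {rtype!r}")
    return problems

if __name__ == "__main__":
    # Constructed sample rules, built from the examples in the table.
    for rule in [("allow", "unix_group", "group1, group2, group3"),
                 ("deny", "netgroup", "netgroup1,,netgroup3"),
                 ("allow", "ldap_filter", "(manager=Joeh)(department=sales)")]:
        print(rule, "->", validate_rule(*rule) or "ok")
```

An empty list entry or a second filter in an ldap_filter object is reported rather than silently accepted, which is the kind of mistake that otherwise changes who a deny or allow rule applies to.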