On Fri, Jan 09, 2015 at 09:00:53AM +0100, Steffen Kaiser wrote:
> The deny=yes is a special syntax: If this passdb matches -> deny, there is no ExtraField "deny".

Thanks for your answer. That's what I thought after my tests. This explains why I was still able to log in...

> but keep in mind that you do not "deny" a user knowingly, but that this user is not found. The semantics are different.

I know, I thought about that. But still what could be the unwanted side effects?

> What you could try - I do not remember anybody posting something like this - is to combine an LDAP passdb with deny=yes.

I thought about that too, but that would mean setting up another LDAP directory, which I find a little bit overkill.
Thanks.
-- Thomas Hummel | Institut Pasteur hummel@pasteur.fr | Groupe Exploitation et Infrastructure