From owner-freebsd-questions@FreeBSD.ORG  Thu May 25 07:33:56 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7A2BC16A41F
	for <freebsd-questions@freebsd.org>;
	Thu, 25 May 2006 07:33:56 +0000 (UTC)
	(envelope-from jshevland@rowantreesoftware.com.au)
Received: from www.rowantreesoftware.com.au (218-214-142-195.people.net.au
	[218.214.142.195])
	by mx1.FreeBSD.org (Postfix) with ESMTP id EEC4043D46
	for <freebsd-questions@freebsd.org>;
	Thu, 25 May 2006 07:33:55 +0000 (GMT)
	(envelope-from jshevland@rowantreesoftware.com.au)
Received: from [127.0.0.1] (unknown [10.10.0.250])
	by www.rowantreesoftware.com.au (Postfix) with ESMTP id 3D5BC11415
	for <freebsd-questions@freebsd.org>;
	Thu, 25 May 2006 18:36:01 +1000 (EST)
Message-ID: <44755DAD.50204@rowantreesoftware.com.au>
Date: Thu, 25 May 2006 17:33:01 +1000
From: Joe Shevland <jshevland@rowantreesoftware.com.au>
Organization: Rowantree Software Pty. Ltd.
User-Agent: Thunderbird 1.5.0.2 (Windows/20060308)
MIME-Version: 1.0
To: freebsd-questions@freebsd.org
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Subject: nss_ldap and OpenLDAP client version
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 25 May 2006 07:33:56 -0000

Hi,

I'm about to setup my jails so they authenticate against the 'host' 
server using OpenLDAP and nss_ldap, pam_ldap and so on. I've done this 
before but wanted to repeat the process because last time it ended up 
being so much fiddling that when I finished I just left it alone - this 
time I'm documenting it :) I packaged up versions of the port for 
OpenLDAP 2.3 (well, actually 2.4 but that looks to just use 2.3 in any 
case) and then went to package up the nss_ldap port but its after 
OpenLDAP 2.2 stuff... I guess my question is whether this is intentional 
(i.e. security related), or just a port maintenance issue? I would've 
thought between 2.2->2.3 there's been a few security advisories... I 
only did a lazy lightning google and came across a few 
(http://www.frsirt.com/english/advisories/2005/0947) is perhaps one.

Anyway, just thought I'd check. As punishment, if this is a stupid 
question or has been answered before, happy to write up a tutorial as I 
go as penance.

Cheers
Joe