Date:      Fri, 15 Feb 2008 16:07:56 +1300
From:      Jonathan Chen <jonc@chen.org.nz>
To:        Olivier Nicole <on@cs.ait.ac.th>
Cc:        jontheil@gmail.com, freebsd-questions@freebsd.org
Subject:   Re: LDAP user authentication?
Message-ID:  <20080215030756.GA51136@osiris.chen.org.nz>
In-Reply-To: <200802150245.m1F2jN6A013811@banyan.cs.ait.ac.th>
References:  <8f82c35c0802131110l7c678965qe6d0c3432f008254@mail.gmail.com> <000301c86ed2$17177560$0200a8c0@satellite> <8f82c35c0802140420w57a1d5dfpd12b86e57efd585d@mail.gmail.com> <200802150245.m1F2jN6A013811@banyan.cs.ait.ac.th>

On Fri, Feb 15, 2008 at 09:45:23AM +0700, Olivier Nicole wrote:
> Hi,
> 
> >  >I have googled for a very long time, but I haven't found any useful
> >  > howto on this issue. Well, there is
> >  > http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
> >  > but that seems to be a bit confusing and not up-to-date. I guess it
> >  > _should_ be possible - and indeed very useful (especially combined
> >  > with Samba PDC and an easily maintainable mail server). So please, if
> 
> I read through the link you gave. My first impression is:
> 
> - pam-ldap is used for authentication: allow the user to login to the
>   machine
> 
> - nss-ldap is used by the system when it needs to resolve things like
>   gid<->group name, user home directory, etc.
> 
> I will give it a try soon.
> 
> Though I am looking one step ahead, how to allow a user to
> authenticate to this machine and not that machine, using the same ldap
> directory.

This can be done by setting "pam_check_host_attr" in ldap.conf for
pam_ldap.

Cheers.
-- 
Jonathan Chen <jonc@chen.org.nz>
-----------------------------------------------------------------------
"One, with God, is always a majority, but many a martyr has been burned
   at the stake while the votes were being counted."  -- Thomas B. Reed
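
The setting named in the reply above, shown in context as an added example that is not part of the original message. The server URI, base DN, user, hostnames and the FreeBSD module path are constructed placeholders or assumptions, not values from the thread.

```conf
# --- ldap.conf read by pam_ldap, on each machine that should enforce the check ---
# Constructed values: the URI and base DN are placeholders.
uri  ldap://ldap.example.org
base dc=example,dc=org
# Require the user's "host" attribute to match this machine's hostname.
pam_check_host_attr yes

# --- PAM service file, e.g. for sshd (module path is an assumption) ---
# The host check runs in pam_ldap's account-management step, so the
# module must appear on an "account" line, not only on "auth".
# How it is combined with pam_unix for local accounts depends on the site.
auth     sufficient  /usr/local/lib/pam_ldap.so
account  required    /usr/local/lib/pam_ldap.so

# --- Directory entry (LDIF) for a constructed user "alice" ---
# "host" is permitted by the "account" object class; list one value
# per machine the user may log in to.
dn: uid=alice,ou=People,dc=example,dc=org
objectClass: account
objectClass: posixAccount
cn: Alice Example
uid: alice
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
host: shell1.example.org
host: mail.example.org
```

With this entry, a machine whose hostname is not among the `host` values refuses alice at the account step even though her password is valid against the same directory.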


