Date: Mon, 21 Nov 2005 10:49:04 -0500 From: Nathan Vidican <nvidican@wmptl.com> To: robert@webtent.com Cc: questions@freebsd.org Subject: Re: nss_ldap on FreeBSD 5.3 Message-ID: <4381EC70.8080408@wmptl.com> In-Reply-To: <1132587368.21646.11.camel@columbus.webtent.org> References: <1132587368.21646.11.camel@columbus.webtent.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Fitzpatrick wrote: > I find several docs on setting this up, but none pertaining to linux > compat. Can anyone point me to some instructions for setting this up > properly? > > -- > Robert > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > > Um... actually VERY easy... Step 1: install nss_ldap & pam_ldap 2: edit /usr/local/etc/nss_ldap.conf edit /usr/local/etc/ldap.conf edit /usr/local/etc/ldap.secret 3: edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group', and 'passwd' (optionally) 'hosts' too. 4: do a quick 'ldapsearch -x' to make sure you are connecting/searching the correct ldap tree... 5: edit /etc/pam.d/<service> file(s) for which types of accounts you want to authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a line like: auth sufficient /usr/local/lib/pam_ldap.so try_first_pass That should be it. Assuming your librairies are up to date, you have a valid db/tree in ldap you can connect and search... then you should be able to login right away. -- Nathan Vidican nvidican@wmptl.com Windsor Match Plate & Tool Ltd. http://www.wmptl.com/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4381EC70.8080408>