Authentication with LDAP on DragonFly BSD

Predrag Punosevac punosevac72 at gmail.com
Sat Jun 28 07:44:08 PDT 2014


John Marino <dragonflybsd at marino.st> wrote:

> On 6/28/2014 10:03, John Marino wrote:
> > On 6/28/2014 09:56, Francois Tigeot wrote:
> >> Hi,
> >>
> >> On Fri, Jun 27, 2014 at 11:56:30PM -0400, Predrag Punosevac wrote:
> >>> This is not a question but rather a short summary of what I have done to
> >>> enable authentication with LDAP on DragonFly BSD. Before you get too
> >>> excited I will tell you that I didn't manage to get it to work but I feel it is
> >>> very close.
> >>>
> >>> For the purpose of this exercise you will need the following packages
> >>> installed
> >> [...]
> >>> 3.  net/nss_ldap
> >>>
> >>> is needed but it is not in the packages and it is probably the reason I
> >>> can't get it to work.
> >> [...]
> >>> Step 6. Unfortunately it didn't work
> >>>
> >>> backup1# id predrag
> >>> id: predrag: no such user
> >>
> >> This is bad. Some nss support library is indeed needed.
> >>
> >> I'm using nss-pam-ldapd instead of nss_ldap. The configuration file is a
> >> bit different but it's a far more reliable alternative IMHO.
> >>

I assume on DF? Could you please post a short howto if authentication with
LDAP works on LDAP? I personally do not care one way or another (OpenBSD
uses ypldap and works like a charm). It was earlier suggested on this
mailing list that LDAP should work the same way on DF as on Free or NetBSD.
Since I do not currently have any NetBSD machines I went the FreeBSD way.



> >> For some reason, net/nss_ldap fails to build in the packaging environment:
> >> http://muscles.dragonflybsd.org/latest-failures/logs/errors/nss_ldap-1.265_10.log
> >>
> >> I have been able to build and install it locally from FreeBSD ports though.
> >> Something weird is going on here.
> > 
> > It doesn't look "weird" to me.  I think DF needs kerberos added as a
> > dependency.  FreeBSD has kerberos in base.  This is probably a 1-line
> > fix with Makefile.DragonFly solution.
> > 
> 
> 
> Confirmed, all it needed was a 1-line fix:
> http://gitweb.dragonflybsd.org/dports.git/commit/e9d7793c5ed03b1ba0a044d2a04e07be44524d1b
> 
> nss_ldap is in dports now.
> John

Thanks John! I can confirm that it builds on DF. I chose no SASL flavor
(I hope I didn't make a mistake since I am utilizing TLS). Following
FreeBSD's how-to, I copied the pam_ldap configuration file
/usr/local/etc/ldap.conf to the nss_ldap configuration file
/usr/local/etc/nss_ldap.conf.

I put the files ldap option into /etc/nsswitch.conf and restarted the nsswitch
daemon, but unfortunately

backup1# id predrag
id: predrag: no such user

I am afraid that this will require a little bit of backtracing and
debugging to work.

Predrag
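
A first check when `id` reports "no such user" after the steps in the message above, as an added example that is not part of the original post: confirm that /etc/nsswitch.conf really lists `ldap` as a source for the `passwd` and `group` databases. The function names and the sample file are constructed for illustration; the check reads the configuration only and says nothing about whether the nss_ldap module loads or reaches the server.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# nss_sources FILE DB: print the sources listed for DB, e.g. "files ldap".
# Comments and [status=action] criteria are stripped before matching.
nss_sources() {
    awk -v db="$2" '
        { sub(/#.*/, ""); gsub(/\[[^]]*\]/, " "); sub(/[ \t]*:[ \t]*/, ": ") }
        $1 == (db ":") { $1 = ""; sub(/^ +/, ""); print; exit }
    ' "$1"
}

# nss_has_ldap FILE DB: succeed only if "ldap" is one of DB's sources.
nss_has_ldap() {
    case " $(nss_sources "$1" "$2") " in
        *" ldap "*) return 0 ;;
        *) return 1 ;;
    esac
}

# nss_report FILE: report on passwd and group; fail if either lacks ldap.
nss_report() {
    rc=0
    for db in passwd group; do
        if nss_has_ldap "$1" "$db"; then
            echo "$db: ldap listed ($(nss_sources "$1" "$db"))"
        else
            echo "$db: ldap NOT listed ($(nss_sources "$1" "$db"))"
            rc=1
        fi
    done
    return $rc
}

# write_sample PATH: constructed nsswitch.conf used to exercise the functions.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample, not taken from a real host
passwd: files ldap   # local accounts first
group:  files [NOTFOUND=return] ldap
hosts:  files dns
EOF
}

# Stand-alone use: sh check_nss.sh /etc/nsswitch.conf
if [ $# -gt 0 ]; then nss_report "$1"; fi
```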