openldap authentication on DragonFly BSD
punosevac72 at gmail.com
Tue Nov 26 20:14:28 PST 2013
Dan Cross <crossd at gmail.com> wrote:
> On Tue, Nov 26, 2013 at 7:59 PM, Justin Sherrill <justin at shiningsilence.com>
> > On Sun, Nov 24, 2013 at 9:30 PM, Predrag Punosevac <punosevac72 at gmail.com>
> >> I was wondering if somebody could point me to documentation explaining
> >> how to configure DragonFly BSD to authenticate its users via LDAP
> >> server. I will briefly describe LDAP requirement.
> > DragonFly compiles /bin and /sbin as static binaries, which is good if
> > you are worried about a problem making /usr unavailable. However, nss/pam
> > assume you have dynamic binaries and use that to load libraries, so that
> > can't be used - yet. There's been some discussion of it previously,
> > including today on IRC #dragonfly, and some work there, but it isn't yet
> > set up.
> > I may have some of the details wrong - someone can correct me if so. I
> > could certainly use it.
> I can't comment on the correctness, but this is one thing I kind of think
> OpenBSD gets right with their login_* framework: rather than link against
> something, just use a separate binary to do the authentication. PAM always
> struck me as a solution looking for a wrong problem.
> - Dan C.
An alternative approach would be System Security Services Daemon (SSSD)
from Red Hat. I have not compared SSSD to OpenBSD's ypldapd much but
it was a breeze to set up and works so far really well.