Authentication with LDAP on DragonFly BSD
punosevac72 at gmail.com
Sat Jun 28 07:44:08 PDT 2014
John Marino <dragonflybsd at marino.st> wrote:
> On 6/28/2014 10:03, John Marino wrote:
> > On 6/28/2014 09:56, Francois Tigeot wrote:
> >> Hi,
> >> On Fri, Jun 27, 2014 at 11:56:30PM -0400, Predrag Punosevac wrote:
> >>> This is not a question but rather a short summary of what I have done to
> >>> enable authentication with LDAP on DragonFly BSD. Before you get too
> >>> excited I will tell you that I didn't manage to get it to work but I feel it is
> >>> very close.
> >>> For the purpose of this exercise you will need the following packages
> >>> installed
> >> [...]
> >>> 3. net/nss_ldap
> >>> is needed but it is not in the packages and it is probably the reason I
> >>> can't get it to work.
> >> [...]
> >>> Step 6. Unfortunately it didn't work
> >>> backup1# id predrag
> >>> id: predrag: no such user
> >> This is bad. Some nss support library is indeed needed.
> >> I'm using nss-pam-ldapd instead of nss_ldap. The configuration file is a
> >> bit different but it's a far more reliable alternative IMHO.
I assume on DF? Could you please post a short howto if authentication with
LDAP works on LDAP? I personally do not care one way or another (OpenBSD
uses ypldap and works like a charm). It was earlier suggested on this
mailing list that LDAP should work the same way on DF as on Free or NetBSD.
Since I do not currently have any NetBSD machines I went the FreeBSD way.
> >> For some reason, net/nss_ldap fails to build in the packaging environment:
> >> http://muscles.dragonflybsd.org/latest-failures/logs/errors/nss_ldap-1.265_10.log
> >> I have been able to build and install it locally from FreeBSD ports though.
> >> Something weird is going on here.
> > It doesn't look "weird" to me. I think DF needs kerberos added as a
> > dependency. FreeBSD has kerberos in base. This is probably a 1-line
> > > fix with a Makefile.DragonFly solution.
> Confirmed, all it needed was a 1-line fix:
> nss_ldap is in dports now.
Thanks John! I can confirm that it builds on DF. I chose no SASL flavor
(I hope I didn't make a mistake since I am utilizing TLS). Following
FreeBSD's howto I copied the pam_ldap configuration file
/usr/local/etc/ldap.conf to the nss_ldap configuration file
I put the files ldap option into /etc/nsswitch.conf and restarted the nsswitch
daemon but unfortunately
backup1# id predrag
id: predrag: no such user
I am afraid that this will require a little bit of backtracing and
debugging to work.