From: "Darek M."
Date: Sun, 17 Feb 2008 17:45:33 -0500
To: Jon Theil Nielsen
Cc: freebsd-questions@freebsd.org
Subject: Re: LDAP user authentication?

Jon Theil Nielsen wrote:
> I have googled for a very long time, but I haven't found any useful
> howto on this issue. Well, there is
> http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
> but that seems to be a bit confusing and not up-to-date. I guess it
> _should_ be possible - and indeed very useful (especially combined
> with Samba PDC and an easily maintainable mail server). So please, if
> you have any experiences or knowledge of a useful description..!
>
> Regards,
> Jon Theil Nielsen

At the risk of a thread-jack... how are home directories handled? Will 'user' have a home dir on the local system?

I suppose once LDAP is set up properly, you can then create the home dir, then chown it 'user', with 'user' not being a local user and not in passwd/master.passwd files. So when you chown/chgrp, those commands go through pam/nss/ldap to retrieve the proper id and name from the LDAP server?

For anyone that runs such a system, is there a delay when logging in or 'ls -l'ing an LDAP user's files, etc? Or is it unnoticeable if the network between them is reasonably responsive?

- Darek