Date: Fri, 15 Feb 2008 16:07:56 +1300
From: Jonathan Chen
To: Olivier Nicole
Cc: jontheil@gmail.com, freebsd-questions@freebsd.org
Subject: Re: LDAP user authentication?

On Fri, Feb 15, 2008 at 09:45:23AM +0700, Olivier Nicole wrote:
> Hi,
>
> > > >I have googled for a very long time, but I haven't found any useful
> > > howto on this issue. Well, there is
> > > http://www.cultdeadsheep.org/FreeBSD/docs/Quick_and_dirty_FreeBSD_5_x_and_nss_ldap_mini-HOWTO.html
> > > but that seems to be a bit confusing and not up-to-date. I guess it
> > > _should_ be possible - and indeed very useful (especially combined
> > > with Samba PDC and an easily maintainable mail server). So please, if
>
> I read through the link you gave. My first impression is:
>
> - pam-ldap is used for authentication: allow the user to login to the
>   machine
>
> - nss-ldap is used by the system when it needs to resolve things like
>   gid<->group name, user home directory, etc.
>
> I will give it a try soon.
>
> Though I am looking one step ahead, how to allow a user to
> authenticate to this machine and not that machine, using the same ldap
> directory.

This can be done by setting "pam_check_host_attr" in ldap.conf for
pam_ldap.

Cheers.
-- 
Jonathan Chen
-----------------------------------------------------------------------
"One, with God, is always a majority, but many a martyr has been burned
 at the stake while the votes were being counted." -- Thomas B. Reed
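
An added example, not part of the original message: a small audit of the three pieces that per-host login restriction with "pam_check_host_attr" depends on. It assumes pam_ldap applies the host check in its account phase (so the module must appear in the PAM "account" stack) and that permitted machines are listed in each user's "host" attribute; the file contents, host names and function names are constructed for illustration.

```python
# Constructed sample inputs for illustration (not taken from the thread).
LDAP_CONF = """\
uri ldap://ldap.example.org/
base dc=example,dc=org
pam_check_host_attr yes
"""
PAM_SSHD = """\
auth     sufficient  pam_ldap.so
auth     required    pam_unix.so
account  required    pam_unix.so
"""
LDIF = """\
dn: uid=alice,ou=people,dc=example,dc=org
uid: alice
host: web1.example.org

dn: uid=bob,ou=people,dc=example,dc=org
uid: bob
"""

def host_check_enabled(conf):
    """True only if ldap.conf sets pam_check_host_attr to yes."""
    for line in conf.splitlines():
        fields = line.split()
        if fields and fields[0].lower() == "pam_check_host_attr":
            return len(fields) == 2 and fields[1].lower() == "yes"
    return False

def account_stack_has_pam_ldap(pam_text):
    """True if an 'account' line of the PAM service file loads pam_ldap."""
    return any(f[0] == "account" and "pam_ldap" in f[2]
               for f in (l.split() for l in pam_text.splitlines())
               if len(f) >= 3)

def hosts_by_user(ldif):
    """Map uid -> list of 'host' values from blank-line separated entries."""
    users = {}
    for entry in ldif.strip().split("\n\n"):
        pairs = [l.split(": ", 1) for l in entry.splitlines() if ": " in l]
        uid = next(v for k, v in pairs if k == "uid")
        users[uid] = [v for k, v in pairs if k == "host"]
    return users

def audit(conf, pam_text, ldif):
    """Return findings that would leave the per-host restriction ineffective."""
    findings = []
    if not host_check_enabled(conf):
        findings.append("pam_check_host_attr is not set to yes")
    if not account_stack_has_pam_ldap(pam_text):
        findings.append("pam_ldap missing from the account stack")
    findings += [f"{u}: no host attribute" for u, h in hosts_by_user(ldif).items() if not h]
    return findings
```

On the constructed samples the audit reports the missing account-stack entry and the user with no "host" value; the option in ldap.conf alone does not show up as a finding because it is already set.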