Date: Wed, 20 Jan 2016 10:56:33 +0100
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: freebsd-questions@freebsd.org
Subject: OpenLDAP: using FreeBSD's /etc/login.conf attributes with external LDAP users?
Message-ID: <20160120105633.602dd290@freyja.zeit4.iv.bundesimmobilien.de>
Organization: FU Berlin
X-Mailer: Claws Mail 3.13.1 (GTK+ 2.24.29; amd64-portbld-freebsd11.0)

Using the latest net/openldap24-server with FreeBSD as server and login target for several users results in a problem. Via the attribute :requirehome: in /etc/login.conf (i.e. added to class "standard") one can prevent users from logging in without a valid home directory. Otherwise a user with a valid LDAP entry will end up in "/".

I'd like to add a standard class for any user logging in (via ssh) on that specific server (only administrative staff have local logins in /etc/passwd; all users are located in the LDAP DIT).

I searched the net for solutions and found one suggesting reverting the "default" behaviour to have :requirehome: and using another class for all local users in /etc/master.passwd (i.e. "privileged") - but this seems somehow odd, and in a hurry, updating software or similar, new facility users, like the recently added user "_ypldap", will end up in the default class with prerequisites a daemon will fail with. I think this could be too much of a trap/pitfall.

So, the question is whether there is a more elegant/semantic way to do so.

Please CC me, I am not subscribed to this list. Thanks in advance and kind regards,
Oliver
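The layout the poster found suggested (:requirehome: on "default", a separate class for local staff) hinges on how login_cap(3) resolves a class: a user record whose class field is empty falls back to "default", and capabilities can be inherited through :tc=...: chains or cancelled with the getcap(3) `name@` form. The following added example (not part of the original mail, and not FreeBSD's own tooling) embeds a constructed login.conf excerpt and a small sh/awk checker, `requires_home`, that reports whether a given class ends up with :requirehome: set once the tc= chain is followed. It lets an admin verify the effective setting for "default", a "privileged" class that cancels it, and a "standard" class that inherits it, before touching the real file.

```sh
#!/bin/sh
# Constructed /etc/login.conf excerpt (illustrative, not the poster's file):
#  - "default" requires a home directory (what LDAP users with an empty
#    class field will get),
#  - "privileged" cancels it with requirehome@ for local staff,
#  - "standard" inherits it from default via tc=.
LOGIN_CONF_SAMPLE='default:\
    :passwd_format=sha512:\
    :requirehome:\
    :umask=022:

privileged:\
    :requirehome@:\
    :tc=default:

standard:\
    :tc=default:
'

# requires_home CLASS
# Prints "yes" if CLASS has :requirehome: in effect, "no" if it is absent or
# cancelled with :requirehome@:, "unknown" if the class does not exist.
# tc= chains are resolved recursively, as getcap(3) does.
requires_home() {
    printf '%s\n' "$LOGIN_CONF_SAMPLE" | awk -v cls="$1" '
        function resolve(c,   m) {
            if (!(c in recs)) return "unknown"
            if (recs[c] ~ /:requirehome@:/) return "no"    # explicitly cancelled
            if (recs[c] ~ /:requirehome:/)  return "yes"   # set directly
            if (match(recs[c], /:tc=[^:]*:/)) {            # inherit via tc=
                m = substr(recs[c], RSTART + 4, RLENGTH - 5)
                return resolve(m)
            }
            return "no"
        }
        # join continuation lines (trailing backslash) into one record
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        NF    { rec = buf $0; buf = ""; split(rec, f, ":"); recs[f[1]] = rec }
        END   { print resolve(cls) }'
}

# Stand-alone demonstration of the three classes above.
for c in default privileged standard; do
    printf '%s: requirehome=%s\n' "$c" "$(requires_home "$c")"
done
```

The checker reads the embedded sample; to inspect a live system, replace `printf '%s\n' "$LOGIN_CONF_SAMPLE"` with `cat /etc/login.conf`. Remember that login(1) and sshd consult the compiled database, so any edit to /etc/login.conf only takes effect after `cap_mkdb /etc/login.conf`.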