Date:      Tue, 29 Apr 2008 10:07:44 +0000
From:      "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To:        freebsd-questions@freebsd.org
Subject:   OpenLDAP/FreeBSD: How to implement attribute HOST without STRUCTURAL account?
Message-ID:  <4816F370.6070706@zedat.fu-berlin.de>

Hello out there,
my question may sound a bit weird, but the situation is as follows:

I use OpenLDAP 2.4 for authentication purposes within our lab's net and 
every user's account is of the objectclass 'posixAccount'. As we know, 
this class does not contain the attribute 'host', which belongs to 
structural class 'account' and both posixAccount and account are of 
type structural and therefore cannot be mixed.

For some first steps in host-based and LDAP-backed logins I need to 
allow logins on several machines by looking at the host (I use PAM for 
both authentication and accounting).

Looking at /usr/local/etc/nss_ldap.conf (or simply ldap.conf) I find a tag

pam_check_host_attr yes

to be set when we want to use host based logins. But this does not work 
due to the above mentioned reasons.

Is there an elegant workaround for this situation?

Thanks in advance,
Oliver
