Date: Sat, 13 Mar 2004 20:11:44 +0100
From: Antoine Jacoutot <ajacoutot@lphp.org>
To: peo@intersonic.se
Cc: freebsd-questions@freebsd.org
Subject: Re: nss_ldap/pam_ldap, what am I missing?
Message-ID: <200403132011.44445.ajacoutot@lphp.org>
In-Reply-To: <40534413.2010805@intersonic.se>
References: <4051DBE9.2010002@intersonic.se> <1079119055.40520ccf3007c@webmail.lphp.org> <40534413.2010805@intersonic.se>

On Saturday 13 March 2004 18:25, Per olof Ljungmark wrote:
> If you have a similar setup working I am very interested in how it was
> accomplished.

All right, so here is my setup if it can help you; note that I'm using ldap
over SSL with key files.

server:

# /usr/local/etc/ldap.conf
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
pam_password ssha
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one

# /usr/local/etc/nss_ldap.conf
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one

client:

# /usr/local/etc/ldap.conf
base dc=domain,dc=com
uri ldaps://server.domain.com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
pam_password ssha
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one
ssl on
tls_checkpeer yes
tls_cacertfile /usr/local/etc/openldap/cacert.pem

# /usr/local/etc/nss_ldap.conf
base dc=domain,dc=com
uri ldaps://server.domain.com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one
ssl on
tls_checkpeer yes
tls_cacertfile /usr/local/etc/openldap/cacert.pem

common (client+server):

# /etc/nsswitch.conf
passwd: files ldap
group: files ldap

# /etc/pam.d/ldap
auth sufficient /usr/local/lib/pam_ldap.so

# /etc/pam.d/system
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth include ldap
auth required pam_unix.so no_warn try_first_pass nullok
account required pam_login_access.so
account required pam_unix.so
session required pam_lastlog.so no_fail
password required pam_unix.so no_warn try_first_pass

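Added example, not part of the original message: a small Python check that parses the ldap.conf / nss_ldap.conf keyword format shown above and reports how the proxy bind (binddn/bindpw) would travel to each configured uri. The function names are hypothetical, the samples are constructed from the settings in the message, and treating anything other than an explicit `tls_checkpeer yes` as a finding is a policy assumption made here.

```python
# Constructed samples: client and server settings taken from the message above.
CLIENT = """\
uri ldaps://server.domain.com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
ssl on
tls_checkpeer yes
tls_cacertfile /usr/local/etc/openldap/cacert.pem
"""
SERVER = """\
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
"""

def parse_conf(text):
    """Parse 'keyword value' lines; repeated keywords accumulate in a list."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        conf.setdefault(parts[0].lower(), []).append(parts[1] if len(parts) > 1 else "")
    return conf

def last(conf, key):
    """Last value given for a keyword, lowercased ('' if absent)."""
    return conf.get(key, [""])[-1].lower()

def audit_transport(conf):
    """Return findings for every uri that leaves the host without verified TLS."""
    findings = []
    for uri in " ".join(conf.get("uri", [])).split():
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldapi":
            continue  # local UNIX socket: nothing crosses the network
        if scheme != "ldaps" and last(conf, "ssl") != "start_tls":
            findings.append(f"{uri}: no TLS, binds and lookups travel in cleartext")
            continue
        if last(conf, "tls_checkpeer") != "yes":
            findings.append(f"{uri}: tls_checkpeer is not 'yes', server cert not verified")
        if "tls_cacertfile" not in conf and "tls_cacertdir" not in conf:
            findings.append(f"{uri}: no tls_cacertfile/tls_cacertdir to verify against")
    return findings

if __name__ == "__main__":
    for name, text in (("client", CLIENT), ("server", SERVER)):
        print(name, audit_transport(parse_conf(text)) or "ok")
```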
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200403132011.44445.ajacoutot>