Date: Mon, 17 Nov 2008 17:31:24 +0200
From: Jonathan McKeown <jonathan+freebsd-questions@hst.org.za>
To: freebsd-questions@freebsd.org
Subject: Re: host based authetication with OpenLDAP and FreeBSD
Message-ID: <200811171731.24598.jonathan%2Bfreebsd-questions@hst.org.za>
In-Reply-To: <491D6FF9.20208@zedat.fu-berlin.de>
References: <491D6FF9.20208@zedat.fu-berlin.de>

On Friday 14 November 2008 14:32, O. Hartmann wrote:
> Hello,
> I have an OT question and maybe some of the FreeBSD server admins here
> can help me out.

[snip]

> Having nss_ldap and pam_ldap installed on every single FreeBSD
> server/box which is capable of being accessed I found in etc/ldap.conf
> the tags 'pam_filter' and 'pam_check_host_attr'. Setting latter to
> 'yes' implies having the 'host' attribute in each user's object located
> in OpenLDAP's DIT for the specific domain. But objectClass=account seems
> to conflict with objectClass=organizationalPeople which is a must in our
> configuration, so the host attribute is not of any further investigation.

Did you not like the answer I gave you in April when you asked essentially
the same question?

http://lists.freebsd.org/pipermail/freebsd-questions/2008-April/174152.html

For posterity (again) the extensibleObject auxiliary objectClass was
introduced for precisely this reason - so that you could add any attribute
the server knows about to an existing object which otherwise couldn't hold
it.
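
The change the reply describes, written out as an LDIF modification. This is an added example, not part of the original message; the DN, uid and host names are constructed placeholders, and it assumes the server has the schema that defines the 'host' attribute loaded (cosine.schema in OpenLDAP).

```ldif
# Constructed example: DN and host values are placeholders.
# The entry keeps its existing structural objectClass; only the
# auxiliary class extensibleObject and the 'host' values are added.
dn: uid=jdoe,ou=People,dc=example,dc=org
changetype: modify
add: objectClass
objectClass: extensibleObject
-
add: host
host: server1.example.org
host: server2.example.org
-

# On each client, the pam_ldap configuration file named in the
# thread (ldap.conf) then carries the setting from the question:
#   pam_check_host_attr yes
```

extensibleObject lifts the schema's limit on which attributes the entry may hold, so write access to these entries should stay restricted to administrators in the server's access controls.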