From: Olivier Nicole
To: on@cs.ait.ac.th
Cc: freebsd-questions@freebsd.org
Date: Wed, 25 Feb 2009 17:14:08 +0700 (ICT)
Subject: Re: LDAP pam
Message-Id: <200902251014.n1PAE8s6014843@banyan.cs.ait.ac.th>
In-reply-to: <200902230937.n1N9bJ9l016999@banyan.cs.ait.ac.th> (message from Olivier Nicole on Mon, 23 Feb 2009 16:37:19 +0700 (ICT))
References: <200902230937.n1N9bJ9l016999@banyan.cs.ait.ac.th>

Hi,

Could someone confirm my understanding:

1) things like getent(1), getpwnam(3) use:
   /etc/nsswitch
   /usr/local/etc/nss_ldap.conf

2) things like sshd, with pam_ldap use:
   /usr/local/etc/ldap.conf

So if I have a different filter in /usr/local/etc/nss_ldap.conf and /usr/local/etc/ldap.conf, I can have a different list of users that would apply to getent and sshd.

The purpose is to have all the users listed in getent, but only some allowed to log in to the machine.

TIA,

Olivier
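
The split described in the message, sketched as an added configuration example (not part of the original post). The server URI, base DN and the `employeeType=shell` marker are constructed placeholders; the option names are those of the PADL nss_ldap and pam_ldap modules, and the file paths are the ones named in the message.

```conf
# ---- /usr/local/etc/nss_ldap.conf  (read by nss_ldap: getent(1), getpwnam(3)) ----
# Constructed server and base DN; replace with your own.
uri  ldap://ldap.example.org/
base dc=example,dc=org

# Name-service view: every posixAccount under ou=People is resolvable,
# so file ownership, ls -l, getent passwd etc. show all users.
# Syntax is base?scope?filter.
nss_base_passwd ou=People,dc=example,dc=org?one?objectClass=posixAccount
nss_base_group  ou=Group,dc=example,dc=org?one


# ---- /usr/local/etc/ldap.conf  (read by pam_ldap: sshd and other PAM services) ----
uri  ldap://ldap.example.org/
base dc=example,dc=org

# Attribute matched against the login name.
pam_login_attribute uid

# Login view: pam_ldap only finds the user entry if it ALSO matches this
# filter, so an account without the marker cannot authenticate through
# pam_ldap even though NSS still lists it.
# employeeType=shell is a constructed marker value, not a convention.
pam_filter employeeType=shell

# Scope of this restriction: it applies only to services whose PAM stack
# (e.g. /etc/pam.d/sshd) actually calls pam_ldap. Any other module in the
# stack that can satisfy authentication on its own is not constrained by
# pam_filter, so review the whole stack, not just this file.
```

To check the result on a test host, compare `getent passwd` output (should list every directory user) against login attempts for one account that carries the marker and one that does not.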