Date: Wed, 20 Jan 2016 10:56:33 +0100
From: "O. Hartmann" <ohartman@zedat.fu-berlin.de>
To: freebsd-questions <freebsd-questions@freebsd.org>
Subject: OpenLDAP: using FreeBSD's /etc/login.conf attributes with external LDAP users?
Message-ID: <20160120105633.602dd290@freyja.zeit4.iv.bundesimmobilien.de>

Using the latest net/openldap24-server with FreeBSD as server and login target for several users results in a problem.

Via the attribute :requirehome: in /etc/login.conf (i.e. added to class "standard") one can prevent users from logging in without a valid home directory. Otherwise a user with a valid LDAP entry will end up in "/".

I'd like to add a standard class for any user logging in (via ssh) on that specific server (only administrative staff has local logins in /etc/passwd, all users are located in the LDAP DIT).

I searched the net for solutions and found one suggesting reverting the "default" behaviour to have :requirehome: and using another class for all users local in /etc/master.passwd (i.e. "privileged") - but this seems somehow odd, and in a hurry, when updating software or similar, new facility users like the recently added user "_ypldap" will end up in the default class, with prerequisites a daemon will fail with. I think this could be too much of a trap/pitfall.

So, the question is whether there is a more elegant/semantic way to do so.

Please CC me, I am not subscribed to this list.

Thanks in advance and kind regards,
Oliver