Mon, 22 Oct 2007

5:51 PM - The Miracle that is LDAP

It is possible to get a Mac OS X 10.4 Tiger Server (redundant) and a MidnightBSD (or FreeBSD) client to authenticate happily together.  The BSD box is the client in this case.

I'm still figuring out exactly what I need, but this tutorial helped.

Based on http://www.bresciani.ca/how-to/

Install nss_ldap and pam_ldap from ports.

Configure the conf file:
vi /usr/local/etc/ldap.conf
(symlink this file as nss_ldap.conf)

Add the lines:
#######################################################
host 192.168.0.4

base dc=ldap,dc=domain,dc=com

nss_base_passwd cn=users,dc=ldap,dc=domain,dc=com?one
nss_base_shadow cn=users,dc=ldap,dc=domain,dc=com?one
nss_base_group cn=groups,dc=ldap,dc=domain,dc=com?one

ldap_version 3
#######################################################
Make sure the file is readable by everyone, or usernames will not get mapped.

Modify /etc/nsswitch.conf by changing the following lines so they match the ones below:
passwd: files ldap
shadow: files ldap
group: files ldap

A quick test at this point is to run the command getent group
to see if it is looking in LDAP for users and groups. This assumes that users
and groups exist in LDAP.
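
A sanity check for the steps above, as an added example that is not from the original post or the linked tutorial. It verifies that ldap.conf is world-readable and carries the directives shown, that nsswitch.conf lists ldap for passwd, shadow and group, and it warns if a bindpw line (a bind password) sits in the world-readable file. The function names are made up for this example; the two file paths are passed as arguments.

```shell
#!/bin/sh
# Added example: checks the LDAP client setup described in this entry.
# Usage: sh check_ldap_client.sh /usr/local/etc/ldap.conf /etc/nsswitch.conf

world_readable() {       # $1 = file; true if the "other" read bit is set
    [ -e "$1" ] || return 1
    # -L follows the nss_ldap.conf symlink; column 8 of the mode string is other-read
    [ "$(ls -ldL "$1" | cut -c8)" = "r" ]
}

conf_has_key() {         # $1 = ldap.conf, $2 = directive name with a value after it
    grep -Eq "^[[:space:]]*$2[[:space:]]+[^[:space:]]" "$1"
}

nsswitch_uses_ldap() {   # $1 = nsswitch.conf, $2 = database (passwd, shadow, group)
    awk -v db="$2:" '$1 == db { for (i = 2; i <= NF; i++) if ($i == "ldap") found = 1 }
                     END { exit (found ? 0 : 1) }' "$1"
}

check_ldap_client() {    # $1 = ldap.conf, $2 = nsswitch.conf; returns 0 if all checks pass
    rc=0
    world_readable "$1" || { echo "FAIL: $1 is not world-readable"; rc=1; }
    for key in host base ldap_version nss_base_passwd nss_base_shadow nss_base_group; do
        conf_has_key "$1" "$key" || { echo "FAIL: $1 has no '$key' line"; rc=1; }
    done
    for db in passwd shadow group; do
        nsswitch_uses_ldap "$2" "$db" || { echo "FAIL: $2: '$db' does not list ldap"; rc=1; }
    done
    # The file has to stay world-readable, so a bind password in it is visible
    # to every local user. Reported as a warning only.
    if conf_has_key "$1" bindpw; then
        echo "WARN: $1 is world-readable and contains a bindpw line"
    fi
    return $rc
}

# Run the checks only when file paths were given on the command line.
[ "$#" -eq 0 ] || check_ldap_client "$@"
```

If every check passes, follow up with getent group as described above to confirm that entries actually come back from the server.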

6:09 PM - more resources

http://linuxwiki.riverworth.com/index.php/LDAP_Authentication#Pluggable_Authentication_Modules
