Thu, 15 Nov 2007

6:16 PM - LDAP

I think I might have written an entry about LDAP previously, however I feel that I should write a second entry.

I have successfully authenticated a MidnightBSD machine against a Mac OS X server (10.4.10).

Ports needed:  nss_ldap, pam_ldap

Create a shared config file in /usr/local/etc (ldap.conf or nss_ldap.conf, depending on which name each port expects) and put this in it:


# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
host YOURSERVERIP

# The distinguished name of the search base.
base dc=od,dc=cs,dc=emich,dc=edu
nss_base_passwd cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_shadow cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_group  cn=groups,dc=od,dc=cs,dc=emich,dc=edu?one
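Before dropping a file like this into /usr/local/etc it is worth checking it for the things that bite later: a duplicated base line, no TLS (nss_base_shadow means password hashes cross the wire in the clear, and pam_ldap sends the user's own password on bind), a bare IP as host (which a certificate name check cannot match once TLS is on), and no timeouts so a dead server hangs every login. The script below is an added example, not part of the original post and not nss_ldap's own code. It parses the key/value format nss_ldap reads, splits each nss_base_* entry into base?scope?filter, and reports those findings. The server address, DNS name and CA path in the embedded configs are made up, and the "hardened" config is a hypothetical variant, not what was used on the box.

```python
"""Sanity-check an nss_ldap/pam_ldap style ldap.conf before deploying it.

Added example, not from the original post or from nss_ldap. Both configs
below are constructed: POST_CONFIG mirrors the post's fragment (with a
placeholder address), HARDENED_CONFIG is a hypothetical hardened variant.
"""
import ipaddress

VALID_SCOPES = {"base", "one", "sub"}

# Constructed copy of the post's fragment; 192.0.2.10 is a placeholder.
POST_CONFIG = """\
host 192.0.2.10
base dc=od,dc=cs,dc=emich,dc=edu
base dc=od,dc=cs,dc=emich,dc=edu
nss_base_passwd cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_shadow cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_group  cn=groups,dc=od,dc=cs,dc=emich,dc=edu?one
"""

# Hypothetical hardened variant: same lookups, but over STARTTLS with the
# server certificate verified against an assumed CA file, a DNS name the
# certificate can match, and timeouts so an unreachable server fails fast.
HARDENED_CONFIG = """\
uri ldap://od.cs.emich.edu
base dc=od,dc=cs,dc=emich,dc=edu
ssl start_tls
tls_checkpeer yes
tls_cacertfile /usr/local/etc/ssl/od-ca.pem
bind_policy soft
bind_timelimit 5
timelimit 10
nss_base_passwd cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_shadow cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_group  cn=groups,dc=od,dc=cs,dc=emich,dc=edu?one
"""


def parse_conf(text):
    """Parse 'key value' lines (comments and blanks skipped).

    Returns (entries, duplicates): entries maps each lowercase key to the
    last value seen, duplicates lists keys that appeared more than once.
    """
    entries, duplicates = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if key in entries and key not in duplicates:
            duplicates.append(key)
        entries[key] = value
    return entries, duplicates


def parse_nss_base(value):
    """Split an nss_base_* value 'base?scope?filter' into (base, scope, filter).

    scope/filter are None when omitted (nss_ldap then falls back to its
    global settings); an unknown scope word is rejected instead of ignored.
    """
    base, scope, flt = (value.split("?", 2) + [None, None])[:3]
    scope, flt = scope or None, flt or None
    if scope is not None and scope not in VALID_SCOPES:
        raise ValueError(f"unknown scope {scope!r} in {value!r}")
    return base, scope, flt


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def audit(text):
    """Return a list of (code, message) findings for an ldap.conf text."""
    entries, duplicates = parse_conf(text)
    findings = [("duplicate-key", f"'{k}' appears more than once; one copy is redundant")
                for k in duplicates]
    for key, value in entries.items():
        if key.startswith("nss_base_"):
            parse_nss_base(value)  # raises on a malformed base?scope?filter
    tls = entries.get("ssl", "").lower() in ("on", "start_tls")
    if not tls:
        findings.append(("no-tls", "no 'ssl start_tls' / 'ssl on': passwd and shadow lookups "
                         "and pam_ldap bind passwords cross the network in clear text"))
    elif entries.get("tls_checkpeer", "").lower() != "yes":
        findings.append(("tls-unverified", "tls_checkpeer is not 'yes': the server "
                         "certificate is not verified, so the session can be intercepted"))
    if any(_is_ip(h) for h in entries.get("host", "").split()):
        findings.append(("ip-host", "'host' is a bare IP: a certificate name check needs "
                         "the server's DNS name (put it in /etc/hosts, not LDAP)"))
    if "bindpw" in entries:
        findings.append(("cleartext-creds", "'bindpw' sits in a world-readable ldap.conf; "
                         "a privileged bind belongs in rootbinddn with /etc/ldap.secret"))
    if "bind_timelimit" not in entries:
        findings.append(("no-timeout", "no bind_timelimit: an unreachable server hangs "
                         "every lookup and login"))
    if entries.get("bind_policy", "hard").lower() != "soft":
        findings.append(("hard-bind", "bind_policy is not 'soft': nss_ldap keeps retrying "
                         "a dead server instead of letting the 'files' entry answer"))
    return findings


if __name__ == "__main__":
    for code, msg in audit(POST_CONFIG):
        print(f"{code}: {msg}")
```

Run it against your own file with `audit(open("/usr/local/etc/ldap.conf").read())`; an empty result from the hardened variant is the point, since everything it adds is a documented nss_ldap/pam_ldap option, not a new feature.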


nsswitch.conf needs this:

group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
shadow: files ldap

There are also some changes needed in /etc/pam.d, which is where pam_ldap gets hooked in.

This is not "complete" by any means.  I was also able to NFS mount the home directories too.  There are some issues with X11 and locking in this setup but I haven't had time to refine the approach.
