6:16 PM - LDAP
I think I might have written an entry about LDAP previously; however, I feel that I should write a second entry.
I have successfully authenticated a MidnightBSD machine against a Mac OS X server (10.4.10).
Ports needed: nss_ldap, pam_ldap
Create a shared config file in /usr/local/etc, named ldap.conf or nss_ldap.conf:
# Your LDAP server. Must be resolvable without using LDAP.
# Multiple hosts may be specified, each separated by a
# space. How long nss_ldap takes to failover depends on
# whether your LDAP client library supports configurable
# network or connect timeouts (see bind_timelimit).
host YOURSERVERIP
# The distinguished name of the search base.
base dc=od,dc=cs,dc=emich,dc=edu
nss_base_passwd cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_shadow cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_group cn=groups,dc=od,dc=cs,dc=emich,dc=edu?one
nsswitch.conf needs this:
group: files ldap
group_compat: nis
hosts: files dns
networks: files
passwd: files ldap
passwd_compat: nis
shells: files
shadow: files ldap
There are also some things in pam.d
This is not "complete" by any means. I was also able to NFS mount the home directories. There are some issues with X11 and locking in this setup, but I haven't had time to refine the approach.
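A consistency check for the two files above, added here as an example and not part of the original setup: it confirms that each nss_base_* entry sits under the search base and that passwd, shadow and group list files before ldap, so local accounts such as root resolve locally first and still work when the LDAP server is unreachable. The function names and the embedded sample text are assumptions constructed from the settings shown in this entry.

```python
# Constructed sample input mirroring the two files in the post.
LDAP_CONF = """\
host YOURSERVERIP
base dc=od,dc=cs,dc=emich,dc=edu
nss_base_passwd cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_shadow cn=users,dc=od,dc=cs,dc=emich,dc=edu?one
nss_base_group cn=groups,dc=od,dc=cs,dc=emich,dc=edu?one
"""
NSSWITCH_CONF = """\
group: files ldap
hosts: files dns
passwd: files ldap
shadow: files ldap
"""

DATABASES = ("passwd", "shadow", "group")


def parse(text, sep=None):
    """Map key -> value; sep=None splits on whitespace, ':' suits nsswitch.conf."""
    out = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].strip().split(sep, 1)
        if len(parts) == 2:
            out[parts[0].strip().lower()] = parts[1].strip()
    return out


def lint(ldap_conf, nsswitch_conf):
    """Return a list of findings; an empty list means the files agree."""
    ldap, nss = parse(ldap_conf), parse(nsswitch_conf, ":")
    base = ldap.get("base", "").lower()
    findings = []
    if "host" not in ldap:
        findings.append("ldap.conf: no host line")
    for db in DATABASES:
        # nss_base_<db> is "<dn>?<scope>"; a DN ending in ',' is relative to base.
        dn = ldap.get("nss_base_" + db, "").partition("?")[0].lower()
        if dn and not dn.endswith(",") and not dn.endswith(base):
            findings.append(f"ldap.conf: nss_base_{db} is outside base")
        sources = nss.get(db, "").split()
        if "ldap" not in sources:
            findings.append(f"nsswitch.conf: {db} never consults ldap")
        elif "files" not in sources or sources.index("files") > sources.index("ldap"):
            findings.append(f"nsswitch.conf: {db} must list files before ldap")
    return findings


if __name__ == "__main__":
    for finding in lint(LDAP_CONF, NSSWITCH_CONF) or ["no findings"]:
        print(finding)
```

To check a real machine, pass the contents of the file under /usr/local/etc and of nsswitch.conf to lint() in place of the sample strings.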