nss_ldap on FreeBSD 5.3

Nathan Vidican nvidican at wmptl.com
Mon Nov 21 15:49:06 GMT 2005

Robert Fitzpatrick wrote:
> I find several docs on setting this up, but none pertaining to linux
> compat. Can anyone point me to some instructions for setting this up
> properly?
> --
> Robert
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
Um... actually VERY easy...

Step 1:   install nss_ldap & pam_ldap
2:        edit /usr/local/etc/nss_ldap.conf
	  edit /usr/local/etc/ldap.conf
	  edit /usr/local/etc/ldap.secret
3:	  edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group', 
and 'passwd' (optionally) 'hosts' too.
4:	  do a quick 'ldapsearch -x' to make sure you are connecting/searching the 
correct ldap tree...
5:	  edit /etc/pam.d/<service> file(s) for which types of accounts you want to 
authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a 
line like:

auth            sufficient      /usr/local/lib/pam_ldap.so      try_first_pass

That should be it. Assuming your librairies are up to date, you have a valid 
db/tree in ldap you can connect and search... then you should be able to login 
right away.

Nathan Vidican
nvidican at wmptl.com
Windsor Match Plate & Tool Ltd.

More information about the freebsd-questions mailing list