nss_ldap on FreeBSD 5.3

Robert Fitzpatrick robert at webtent.com
Mon Nov 21 17:49:46 GMT 2005

On Mon, 2005-11-21 at 10:49 -0500, Nathan Vidican wrote:
> Robert Fitzpatrick wrote:
> > I find several docs on setting this up, but none pertaining to linux
> > compat. Can anyone point me to some instructions for setting this up
> > properly?
> Um... actually VERY easy...
> Step 1:   install nss_ldap & pam_ldap
> 2:        edit /usr/local/etc/nss_ldap.conf
> 	  edit /usr/local/etc/ldap.conf
> 	  edit /usr/local/etc/ldap.secret
> 3:	  edit /etc/nssswitch.conf, change from 'files' to 'files ldap' for 'group', 
> and 'passwd' (optionally) 'hosts' too.
> 4:	  do a quick 'ldapsearch -x' to make sure you are connecting/searching the 
> correct ldap tree...
> 5:	  edit /etc/pam.d/<service> file(s) for which types of accounts you want to 
> authenticate. ie: system, login, ftp, ssh, other, etc... should have to add a 
> line like:
> auth            sufficient      /usr/local/lib/pam_ldap.so      try_first_pass

Thanks, that was easy, I was just missing the part about nss_ldap.conf,
I didn't realize there was a separate file for nss. I have the logins
working with gnome well, but I noticed once I login as an LDAP user, I
cannot su to root in terminal session...

robert at felipa$ su
su: Sorry
robert at felipa$

Can someone point out why this happens?


More information about the freebsd-questions mailing list