files before ldap in nsswitch.conf
ccowart at rescomp.berkeley.edu
Mon Nov 24 16:08:59 PST 2008
Gerhard Schmidt wrote:
> I'm setting up a new FreeBSD Server for out local Computer club. Most of
> the users are stored in LDAP and I've installed nss_ldap and pam_ldap
> and set up both. Everything works so far with nsswitch.conf
> entry passwd: ldap files.
> When I try passwd: files ldap the login doesn't work anymore because the
> LDAP_Server is never asked.
The act of logging in is managed by /etc/pam.d/*, not
/etc/nsswitch.conf. If `ls -l` works, you've got NSS configured
> I tried this to optimize the LDAP requests as the service users are in
> the local files. This would speed up the boot process and takes some
> load off the LDAP-Server.
> Is there a way to configure FreeBSD to look first in the local files and
> if a user isn't found in the LDAP-Server.
This is my /etc/nsswitch.conf:
| group: files ldap
| hosts: files dns
| networks: files
| passwd: files ldap
| shells: files
auth sufficient pam_unix.so no_warn
auth required /usr/local/lib/pam_ldap.so no_warn use_first_pass
My guess is you used required for both modules, which would require
authentication to succeed against both user databases.
> And another question. Is there a way to use two different LDAP-Servers
> e.g. by calling nss_ldap with different config files.
What's your goal? We have two different LDAP providers with different
subtrees that get "glued" together by a DNS round-robin of LDAP consumers.
This round-robin provides a single, unified view of our directory to all
our LDAP clients.
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 833 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20081125/ef7d06b1/attachment.pgp
More information about the freebsd-questions