freebsd authentication against ldap? - BSD
-
freebsd authentication against ldap?
Hello,
Does anyone have FreeBSD 6 authenticating against OpenLDAP? I'd like to
get my BSD boxes to do this, but I don't want to make all the first-time
mistakes when I do it. If someone could give me an outline, I'd appreciate
it. I know I'll need OpenLDAP 2.4 server and client, pam_ldap and nss_ldap;
I've got that installed.
Thanks.
Dave.
-
Re: freebsd authentication against ldap?
On Wed, 9 Jan 2008 16:09:23 UTC, "Dave" wrote:
> Does anyone have FreeBSD 6 authenticating against OpenLDAP? I'd like to
> get my BSD boxes to do this, but I don't want to make all the first-time
> mistakes when I do it. If someone could give me an outline, I'd appreciate
> it. I know I'll need OpenLDAP 2.4 server and client, pam_ldap and nss_ldap;
> I've got that installed.
I've done some experiments but that's all so far. Two points:
1) I have the O'Reilly book, and even with that it's difficult! I do
have a colleague at work who is an X500/LDAP expert (in general) and may
end up consulting him!
2) Gotcha. Quite a lot of stuff (e.g. Samba) has a dependency on the
LDAP client. This stops you installing the server. I fixed this by
altering the pkgtools.conf file to change the dependency on ldap-client
to be to ldap-server. I also forcibly removed ldap-client and installed
ldap-server.
--
Bob Eager
UNIX since v6..
http://tinyurl.com/2xqr6h
-
Re: freebsd authentication against ldap?
Bob Eager wrote:
> On Wed, 9 Jan 2008 16:09:23 UTC, "Dave" wrote:
>
>> Does anyone have FreeBSD 6 authenticating against OpenLDAP? I'd like to
>> get my BSD boxes to do this, but I don't want to make all the first-time
>> mistakes when I do it. If someone could give me an outline, I'd appreciate
>> it. I know I'll need OpenLDAP 2.4 server and client, pam_ldap and nss_ldap;
>> I've got that installed.
>
> I've done some experiments but that's all so far. Two points:
>
> 1) I have the O'Reilly book, and even with that it's difficult! I do
> have a colleague at work who is an X500/LDAP expert (in general) and may
> end up consulting him!
>
> 2) Gotcha. Quite a lot of stuff (e.g. Samba) has a dependency on the
> LDAP client. This stops you installing the server. I fixed this by
> altering the pkgtools.conf file to change the dependency on ldap-client
> to be to ldap-server. I also forcibly removed ldap-client and installed
> ldap-server.
>
I have LDAP authentication working on FreeBSD 6.2 and have had it for
some time; it works fine and I have not had any issues. Although I'm
not really using it (I was just experimenting with LDAP), I had a couple
of Mac OS X machines binding to the FreeBSD LDAP server for
authentication as well.
I used this procedure to get it up and working. I've been using it for
some time and have these versions of LDAP installed:
openldap-server-2.3.40
openldap-sasl-client-2.3.40
nss_ldap-1.257
pam_ldap-1.8.4
Here is the link to the procedure I used:
http://www.cultdeadsheep.org/FreeBSD...ini-HOWTO.html
I also modified passwd.c using this patch so that I could change LDAP
passwords with /bin/passwd:
http://lists.freebsd.org/pipermail/f...er/008819.html
The webmin package is quite handy for building users in the LDAP database.
regards
John