On 03/08/2014 12:16 PM, Stéphane Guedon wrote:

>> I am looking through logs and config since the beginning of the
>> day... Actually, asking help on forums or mailing lists is always
>> my last step in solving problems...

We try to help.

But... giving detailed descriptions of the problem, and showing relevant
configs and logs the first time, goes a long way to helping people help you.

Reading manuals helps too. Among others, ypldap(8), ypldap.conf(5),
login.conf(5), login_ldap(8) from ports, and whatever manuals for OpenLDAP.

> But why can't I authenticate (using ssh or login) on the system ? Do I 
> really have to go through ypldap ? Sounds not efficient to have an 
> intermediate !

There are two separate mechanisms: how user information is looked up,
and how users are authenticated. You provide zero details on how ypldap
or login_ldap are configured, so it's hard to guess whether you have
some configuration wrong. I can say it works for me.

The user lookup is configured (via +:: entries in /etc/passwd and
/etc/group) to use YP routines. Thus the user is looked up in ypldap
when they attempt to log in, which is configured to identify the user's
login class as ldap. The ldap login class is configured in login.conf to
authenticate via login_ldap talking to the LDAP server, which is
configured to have the appropriate users.

This is what I meant by "that's a lot more moving parts than just
passwords in LDAP."
-- 
 Matthew Weigel
 hacker
 unique & idempot . ent
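
The chain described in the message above (a `+` entry in the passwd file, then the login class set by ypldap, then that class's auth style in login.conf) can be traced with a short checker. This is an added example, not part of the original message or of any OpenBSD tool. The sample files are constructed, the function names are hypothetical, and `auth=-ldap` is assumed to be the style name that selects login_ldap.

```python
import re

# Constructed sample files, not taken from the thread.
PASSWD = "root:*:0:0:Charlie &:/root:/bin/ksh\n+:*:0:0:::\n"
YPLDAP = 'directory "ldap.example.com" {\n\tfixed attribute class "ldap"\n}\n'
LOGIN = r"""ldap:\
	:auth=-ldap:\
	:tc=default:
"""

def yp_enabled(passwd):
    """A '+' entry hands user lookups to the YP routines."""
    return any(line.startswith("+") for line in passwd.splitlines())

def ypldap_class(conf):
    """Login class that ypldap attaches to every user it serves."""
    for line in conf.splitlines():
        m = re.search(r'fixed\s+attribute\s+class\s+"([^"]*)"', line.split("#")[0])
        if m:
            return m.group(1)
    return None

def login_classes(conf):
    """Parse login.conf into {class: {capability: value}} (tc= not followed)."""
    classes = {}
    for rec in re.sub(r"\\\n\s*", "", conf).splitlines():
        if not rec.strip() or rec.lstrip().startswith("#"):
            continue
        names, *caps = rec.split(":")
        fields = dict(c.strip().partition("=")[::2] for c in caps if c.strip())
        for name in names.split("|"):
            classes[name.strip()] = fields
    return classes

def trace(passwd, ypldap, login):
    """Walk lookup -> class -> auth style and list every broken link."""
    problems = []
    if not yp_enabled(passwd):
        problems.append("no '+' entry: users are never looked up via YP")
    cls = ypldap_class(ypldap)
    caps = login_classes(login).get(cls) if cls else None
    if cls is None:
        problems.append("ypldap sets no login class")
    elif caps is None:
        problems.append(f"login class {cls!r} is not defined in login.conf")
    elif "-ldap" not in caps.get("auth", "").split(","):
        problems.append(f"class {cls!r} does not authenticate via login_ldap")
    return problems

if __name__ == "__main__":
    print(trace(PASSWD, YPLDAP, LOGIN) or "chain is consistent")
```

An empty result only means the three files agree with each other; it does not show that the LDAP server itself holds the expected users.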
