On 2014-03-08, Stéphane Guedon <steph...@22decembre.eu> wrote:
> Notably, the user fails to auth and do login (with openbsd login
> system AND webpages) even though password is correct according to ldap
> itself!

How are you doing ldap authentication? (i.e. what software are you
using, and how does it authenticate? attempt binding as the user trying
to log in, or looking up the password via a high-privileged account?)

I'm using login-ldap from packages for ldap password auth, this works
fine for me against passwords stored in openldap.

I have this in login.conf:

ldap:\
        :auth=-ldap:\
        :x-ldap-server=127.0.0.1:\
        :x-ldap-timeout=5:\
        :x-ldap-basedn=ou=user,dc=exaple,dc=com:\
        :x-ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\
        :tc=default:

and set the login class to "ldap" on accounts which should use this as their
password source (e.g. class is the 5th field in master.passwd if using
statically configured accounts with ldap passwords, or 'fixed attribute
class "ldap"' in ypldap.conf if doing it that way).
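
As an added example (not part of the original message or of login-ldap itself): a Python check that reads login.conf-style text and master.passwd-style lines and reports which accounts resolve to a login class whose auth list includes -ldap. The sample data is constructed, and treating an empty class field as "default" is an assumption of this example.

```python
import re

# Constructed sample data (not from the original post).
LOGIN_CONF = r"""
default:\
    :auth=passwd,skey:\
    :path=/usr/bin /bin:

ldap:\
    :auth=-ldap:\
    :x-ldap-server=127.0.0.1:\
    :tc=default:
"""
MASTER_PASSWD = """\
root:*:0:0::0:0:Charlie &:/root:/bin/ksh
alice:*:1000:1000:ldap:0:0:Alice:/home/alice:/bin/ksh
bob:*:1001:1001:ldpa:0:0:Bob:/home/bob:/bin/ksh
"""

def parse_login_conf(text):
    """Return {class_name: {capability: value}} from login.conf-style text."""
    joined = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    classes = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *caps = line.split(":")
        entry = {}
        for cap in filter(None, (c.strip() for c in caps)):
            key, sep, value = cap.partition("=")
            entry.setdefault(key, value if sep else True)  # first definition wins
        for name in names.split("|"):
            classes[name] = entry
    return classes

def resolve(classes, name, seen=()):
    """Capabilities of a class with tc= references followed (loops are cut)."""
    entry = dict(classes.get(name, {}))
    tc = entry.pop("tc", None)
    if tc and tc != name and tc not in seen:
        for key, value in resolve(classes, tc, seen + (name,)).items():
            entry.setdefault(key, value)
    return entry

def ldap_accounts(login_conf, master_passwd):
    """Map each user to True if its login class (5th field) authenticates via -ldap."""
    classes = parse_login_conf(login_conf)
    result = {}
    for line in master_passwd.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 10:
            continue
        cls = fields[4] or "default"  # assumption: empty class means "default"
        styles = str(resolve(classes, cls).get("auth", "")).split(",")
        result[fields[0]] = "-ldap" in styles  # bob's misspelled class is undefined
    return result
```
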
