Gerardo Santana Gsmez Garrido wrote:
2007/8/29, Joachim Schipper <[EMAIL PROTECTED]>:
On Tue, Aug 28, 2007 at 09:45:01PM +0200, Marc Balmer wrote:
Joachim Schipper wrote:
P.S. One more issue: you *do* realize that getting OpenBSD to
authenticate against LDAP is not entirely trivial, right? This might be
a serious problem if the LDAP system is to handle network-wide logins...
OpenBSD can not authenticat against an LDAP server. Well, stricly speaking
it can, but you have duplicate all accounts on OpenBSD. So realistically
it can't.
Yes, that's what I meant. Sorry for being so oblique, but I presumed the
original poster was aware of this issue.
Mind you, duplicating all accounts on OpenBSD isn't actually impossible
in almost all sane circumstances - it's just that you lose most of the
benefits of LDAP.
Joachim
I haven't setup an LDAP server on OpenBSD yet but I'm thinking of it.
I was surprised with your message. Isn't using sysutils/login_ldap and
configuring it in /etc/login.conf enough for authenticating OpenBSD
users against an LDAP server? Why do you have to duplicate accounts?
Unfortunately, you have to duplicate the accounts on OpenBSD. This has
to do with the way user- and group-ids are accessed. If you want to
help a bit that we eventually can change that, contact me privately offlist.
- mb
