Re: files before ldap in nsswitch.conf

2008-11-24 Thread Christopher Cowart
Gerhard Schmidt wrote:
 I'm setting up a new FreeBSD Server for our local Computer club. Most of
 the users are stored in LDAP and I've installed nss_ldap and pam_ldap
 and set up both. Everything works so far with nsswitch.conf
 entry passwd: ldap files.
 
 When I try passwd: files ldap the login doesn't work anymore because the
 LDAP_Server is never asked.

The act of logging in is managed by /etc/pam.d/*, not
/etc/nsswitch.conf. If `ls -l` works, you've got NSS configured
correctly.

 I tried this to optimize the LDAP requests as the service users are in
 the local files. This would speed up the boot process and takes some
 load off the LDAP-Server.
 
 Is there a way to configure FreeBSD to look first in the local files and,
 if a user isn't found there, in the LDAP-Server?

This is my /etc/nsswitch.conf:

| group: files ldap
| hosts: files dns
| networks: files
| passwd: files ldap
| shells: files

And /etc/pam.d/system:

auth sufficient pam_unix.so no_warn
auth required   /usr/local/lib/pam_ldap.so  no_warn use_first_pass

My guess is you used required for both modules, which would require
authentication to succeed against both user databases.

 And another question. Is there a way to use two different LDAP-Servers
 e.g. by calling nss_ldap with different config files.

What's your goal? We have two different LDAP providers with different
subtrees that get glued together by a DNS round-robin of LDAP consumers.
This round-robin provides a single, unified view of our directory to all
our LDAP clients.

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley
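To make the point of the reply concrete (NSS resolves the account, PAM decides whether the login succeeds, and the control flags decide how the two modules combine), here is an added simulation that is not part of the thread and not FreeBSD code. It models a `passwd:` lookup in either order and evaluates an auth chain with OpenPAM's control-flag rules. The user databases, passwords and module behaviour are constructed for illustration; the real pam_unix and pam_ldap do more, but both fail for a user they do not know, which is all the simulation relies on.

```python
# Added example (not from the thread): simulate the two lookups a FreeBSD
# login performs, to show that "passwd: files ldap" in nsswitch.conf is not
# what breaks login, while "required" on both PAM auth modules is.
# Databases, passwords and module behaviour below are constructed.

PAM_SUCCESS = "PAM_SUCCESS"
PAM_AUTH_ERR = "PAM_AUTH_ERR"

# Constructed backends: service users live only in the local files,
# club members only in LDAP. Values are plaintext passwords for the toy.
FILES_DB = {"root": "r00t", "backup": "b4ckup"}
LDAP_DB = {"alice": "wonderland", "bob": "builder"}


def nss_getpwnam(user, order):
    """Name-service lookup in the order given by the 'passwd:' line.
    Returns (source, entry) for the first source that knows the user, else None."""
    sources = {"files": FILES_DB, "ldap": LDAP_DB}
    for src in order:
        if user in sources[src]:
            return src, {"name": user}
    return None


def module_results(user, password):
    """What each toy PAM auth module answers for this user/password.
    Both fail for a user they do not know, like the real modules."""
    return {
        "pam_unix": PAM_SUCCESS if FILES_DB.get(user) == password else PAM_AUTH_ERR,
        "pam_ldap": PAM_SUCCESS if LDAP_DB.get(user) == password else PAM_AUTH_ERR,
    }


def pam_authenticate(stack, results):
    """Evaluate an auth chain with OpenPAM's control-flag semantics:
    required   - a failure makes the chain fail, but later modules still run
    requisite  - a failure ends the chain immediately
    sufficient - a success ends the chain with success unless a required
                 module already failed; a failure is ignored
    optional   - only counts if it is the only module in the chain"""
    err = PAM_SUCCESS
    failed = False
    for control, module in stack:
        r = results[module]
        if control == "required":
            if r != PAM_SUCCESS and not failed:
                failed, err = True, r
        elif control == "requisite":
            if r != PAM_SUCCESS:
                return err if failed else r
        elif control == "sufficient":
            if r == PAM_SUCCESS and not failed:
                return PAM_SUCCESS
        elif control == "optional":
            if len(stack) == 1:
                return r
        else:
            raise ValueError("unknown control flag: " + control)
    return err


def login(nss_order, pam_stack, user, password):
    """Mimic login(1): resolve the account through NSS, then run the PAM chain.
    Returns the PAM result, or PAM_USER_UNKNOWN if NSS cannot resolve the user."""
    if nss_getpwnam(user, nss_order) is None:
        return "PAM_USER_UNKNOWN"
    return pam_authenticate(pam_stack, module_results(user, password))


# The two nsswitch.conf orderings from the thread.
NSS_LDAP_FIRST = ["ldap", "files"]
NSS_FILES_FIRST = ["files", "ldap"]

# The stack the reply guesses at (both required) and the one it shows.
PAM_BOTH_REQUIRED = [("required", "pam_unix"), ("required", "pam_ldap")]
PAM_SUFFICIENT_UNIX = [("sufficient", "pam_unix"), ("required", "pam_ldap")]

if __name__ == "__main__":
    for name, stack in (("both required", PAM_BOTH_REQUIRED),
                        ("sufficient + required", PAM_SUFFICIENT_UNIX)):
        for user, pw in (("backup", "b4ckup"), ("alice", "wonderland"),
                         ("alice", "wrong"), ("mallory", "x")):
            print(f"{name:22} {user:8} -> {login(NSS_FILES_FIRST, stack, user, pw)}")
```

With both modules `required`, a local-only service user and an LDAP-only member are both refused regardless of which source NSS consults first, because the module that does not know the user fails and a `required` failure sticks. With `sufficient` on pam_unix, a local user short-circuits the chain and an LDAP user falls through to pam_ldap; `use_first_pass` hands pam_ldap the password pam_unix already collected so the user is prompted once. One caveat of that stack: a local entry whose password matches is accepted before LDAP is consulted, so a stale or duplicated local account shadows the directory, exactly as `files ldap` shadows it on the NSS side.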



files before ldap in nsswitch.conf

2008-11-23 Thread Gerhard Schmidt
Hi,

I'm setting up a new FreeBSD Server for our local Computer club. Most of
the users are stored in LDAP and I've installed nss_ldap and pam_ldap
and set up both. Everything works so far with nsswitch.conf
entry passwd: ldap files.

When I try passwd: files ldap the login doesn't work anymore because the
LDAP_Server is never asked.

I tried this to optimize the LDAP requests as the service users are in
the local files. This would speed up the boot process and takes some
load off the LDAP-Server.

Is there a way to configure FreeBSD to look first in the local files and,
if a user isn't found there, in the LDAP-Server?

And another question. Is there a way to use two different LDAP-Servers
e.g. by calling nss_ldap with different config files.

Greetings
Estartu

-- 
-
Gerhard Schmidt   | E-Mail: [EMAIL PROTECTED]
TU-München|
WWW & Online Services |
Tel: 089/289-25270|
Fax: 089/289-25257| PGP-Publickey auf Anfrage

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]