Re: import users from LDAP to local password file (pwd.db)

2011-07-08 Thread Dan Nelson
In the last episode (Jul 08), Frank Bonnet said:
> On 07/08/2011 05:43 PM, Moises Castellanos wrote:
> > On Fri, Jul 8, 2011 at 9:56 AM, Frank Bonnet wrote:
> >> I need to import the necessary users' data from an OpenLDAP directory
> >> server to put them in the local password files. Has anyone done this
> >> before?
> >>
> >> The machine uses nss_ldap and pam_ldap to authenticate users, but for
> >> robustness during the holidays I would like to have a local password
> >> file on this machine, which is our mailhub.
> >>
> >> The OpenLDAP server runs on another machine, and if it fails during
> >> the holidays I want my mailhub to be standalone for authentication in
> >> order to keep the email service running even if the directory server
> >> crashes.
>
> > You can try with getent(1) passwd and see if you can work with the
> > output
>
> getent does not show the encrypted password field

LDAP servers usually don't allow clients to see the raw password hash. 
Authentication checks are done by binding as the requested user, so the
calling app doesn't have a chance to grab the hash and do an offline
brute-force attack on it.

To ensure LDAP availability, the usual thing to do is set up multiple
servers with LDAP replication between them, and configure your client's
ldap.conf to use all of them (or use carp or some other IP management app to
provide a single "always-up" IP address).

-- 
Dan Nelson
dnel...@allantgroup.com
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"
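
Added example, not part of the thread or of either project's documentation: a configuration sketch of the two points in the reply above (the password hash is not readable by clients, and the client lists more than one server). Hostnames, the `dc=example,dc=org` suffix and the timeout value are placeholders, and `ldap2` is assumed to be a replica already kept in sync with `ldap1`.

```conf
# --- Server side: slapd.conf excerpt (OpenLDAP) -----------------------
# userPassword may be used to authenticate a bind and may be changed by
# its owner; other clients cannot read the stored hash.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Everything else stays readable so nss_ldap can resolve accounts.
access to *
        by * read

# --- Client side: ldap.conf read by nss_ldap / pam_ldap ---------------
# List every server; the next one is tried when one cannot be reached.
uri ldap://ldap1.example.org/ ldap://ldap2.example.org/
base dc=example,dc=org
ldap_version 3

# Give up on an unresponsive server after 5 seconds (constructed value).
bind_timelimit 5
# Fail the lookup instead of retrying with backoff when no server answers.
bind_policy soft
```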


Re: import users from LDAP to local password file (pwd.db)

2011-07-08 Thread Frank Bonnet

getent does not show the encrypted password field

On 07/08/2011 05:43 PM, Moises Castellanos wrote:

Hi
You can try with getent(1) passwd and see if you can work with the output

Regards

On Fri, Jul 8, 2011 at 9:56 AM, Frank Bonnet wrote:

Hello

I need to import the necessary users' data from an OpenLDAP directory
server to put them in the local password files. Has anyone done this
before?

The machine uses nss_ldap and pam_ldap to authenticate users, but for
robustness during the holidays I would like to have a local password
file on this machine, which is our mailhub.

The OpenLDAP server runs on another machine, and if it fails during
the holidays I want my mailhub to be standalone for authentication in
order to keep the email service running even if the directory server
crashes.

Thanks



--

Frank BONNET

01.45.92.66.17

Service des Moyens Informatiques Generaux

ESIEE PARIS
Cité Descartes / BP 99
93162 NOISY-LE-GRAND Cedex
http://www.esiee.fr 



Re: import users from LDAP to local password file (pwd.db)

2011-07-08 Thread Moises Castellanos
Hi
 You can try with getent(1) passwd and see if you can work with the output

Regards

On Fri, Jul 8, 2011 at 9:56 AM, Frank Bonnet wrote:

> Hello
>
> I need to import the necessary users' data from an OpenLDAP directory
> server to put them in the local password files. Has anyone done this
> before?
>
> The machine uses nss_ldap and pam_ldap to authenticate users, but for
> robustness during the holidays I would like to have a local password
> file on this machine, which is our mailhub.
>
> The OpenLDAP server runs on another machine, and if it fails during
> the holidays I want my mailhub to be standalone for authentication in
> order to keep the email service running even if the directory server
> crashes.
>
> Thanks


import users from LDAP to local password file (pwd.db)

2011-07-08 Thread Frank Bonnet

Hello

I need to import the necessary users' data from an OpenLDAP directory
server to put them in the local password files. Has anyone done this
before?

The machine uses nss_ldap and pam_ldap to authenticate users, but for
robustness during the holidays I would like to have a local password
file on this machine, which is our mailhub.

The OpenLDAP server runs on another machine, and if it fails during
the holidays I want my mailhub to be standalone for authentication in
order to keep the email service running even if the directory server
crashes.

Thanks
