This is not a question but rather a short summary of what I have done to enable authentication with LDAP on DragonFly BSD. Before you get too excited I will tell you that I didn't manage to make it work, but I feel it is very close.

For the purpose of this exercise you will need the following packages installed:

  1. openldap-client
  2. pam_ldap
  3. net/nss_ldap (I am guessing it is needed, but it is not in the packages and it is probably the reason I can't get it to work)

Step 1. I configured /usr/local/etc/openldap/ldap.conf the same way as on OpenBSD, FreeBSD/FreeNAS or Red Hat:

    BASE dc=autonlab,dc=org
    URI ldap://atlas.int.autonlab.org:389
    SIZELIMIT 12
    TIMELIMIT 15
    DEREF never
    SSL START_TLS
    TLS_REQCERT allow
    TLS_CERT /usr/local/etc/openldap/certs/ca.crt
    TLS_CACERTDIR /usr/local/etc/openldap/certs
    TLS_CIPHER_SUITE HIGH:MEDIUM:+SSLv3

At this point I tested

    ldapsearch -ZZ -D "cn=admin,dc=autonlab,dc=org" -W

and it works like a charm (obviously with TLS enabled).

Step 2. I installed pam_ldap. Following the installation message I created an ldap file in /etc/pam.d/ with the following line added:

    login auth sufficient /usr/local/lib/pam_ldap.so

Note that for ssh login one will probably have to edit pam.d/sshd with something like this

    account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user

as well as edit /etc/ssh/sshd_config with something like

    auth sufficient /usr/local/lib/pam_ldap.so no_warn

The installation message also says "Copy /usr/local/etc/ldap.conf.dist to /usr/local/etc/ldap.conf, then edit /usr/local/etc/ldap.conf in order to use this module.", which is well known to me. Namely, on FreeBSD /usr/local/etc/ldap.conf is the configuration file for the ldap client rather than /usr/local/etc/openldap/ldap.conf. At this point I shamelessly copied /usr/local/etc/ldap.conf from one of my FreeNAS servers and adjusted the path to the certificate:

    host atlas.int.autonlab.org
    base dc=autonlab,dc=org
    rootbinddn
    pam_password md5
    nss_override_attribute_value loginShell /bin/sh
    nss_base_passwd dc=autonlab,dc=org
    nss_base_group dc=autonlab,dc=org
    ssl start_tls
    tls_cacertfile /usr/local/etc/openldap/certs/ca.crt
    ldap_version 3
    timelimit 30
    bind_timelimit 30
    bind_policy soft
    pam_ldap_attribute uid

Step 3. I tried to install net/nss_ldap:

    backup1# pkg install nss_ldap
    Updating repository catalogue
    pkg: No packages matching 'nss_ldap' available in the repositories

Unfortunately it is not there, so I moved to step 4.

Step 4. Edit the /etc/nsswitch.conf file by replacing

    group: compat
    passwd: compat

with

    group: files ldap
    passwd: files ldap

Step 5. /etc/rc.d/nsswitch restart

Step 6. Unfortunately it didn't work:

    backup1# id predrag
    id: predrag: no such user

I am posting this in part in the hope that somebody can point out the mistakes I am making and help me get this working.

Most Kind Regards,
Predrag
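An added check, not part of Predrag's post or of the OpenLDAP, pam_ldap or nss_ldap projects: a small POSIX sh audit of the client-side files the post edits. It reads "key value" lines from an ldap.conf-style file (both the OpenLDAP file and the pam_ldap/nss_ldap file use that shape, with case-insensitive keys) and flags the two settings in the post that weaken the setup (TLS_REQCERT allow, which accepts an unverifiable server certificate, and pam_password md5, which hashes new passwords on the client with a weak unsalted hash), and it reproduces the step 6 failure mode by checking whether /etc/nsswitch.conf names "ldap" for passwd/group while no nss_ldap.so module exists in the library directory. File and directory paths are parameters, so the script runs against constructed copies of the post's files written to a temporary directory; the sample contents are abridged from the post, and the library directory is assumed to be /usr/local/lib on a real system.

```shell
#!/bin/sh
# Added example, not from the original post: audit the LDAP client files the post
# edits for settings that make the setup insecure (server certificate not verified,
# client-side password hashing) or non-functional (nsswitch names "ldap" but no
# nss_ldap module is installed). Paths are parameters so the checks run against
# constructed sample files below.

# ldap_conf_get FILE KEY: print KEY's value. Keys are case-insensitive in both
# OpenLDAP's ldap.conf and the pam_ldap/nss_ldap ldap.conf; comments are skipped
# and the first match wins.
ldap_conf_get() {
    awk -v key="$2" 'BEGIN { key = tolower(key) }
        /^[[:space:]]*#/ || NF < 2 { next }
        tolower($1) == key { $1 = ""; sub(/^[[:space:]]+/, ""); print; exit }' "$1"
}

# lower: fold stdin to lower case (values such as START_TLS vs start_tls).
lower() { tr 'A-Z' 'a-z'; }

# audit_ldap_client_conf FILE: one WARN line per weak setting, then "FINDINGS n".
audit_ldap_client_conf() {
    f="$1"; n=0
    reqcert=$(ldap_conf_get "$f" tls_reqcert | lower)
    case "$reqcert" in
        ""|demand|hard) ;;   # unset inherits the library default; demand/hard verify
        *) echo "WARN $f: TLS_REQCERT $reqcert accepts an unverifiable server certificate, so the bind can be intercepted"
           n=$((n + 1)) ;;
    esac
    ssl=$(ldap_conf_get "$f" ssl | lower)
    uri=$(ldap_conf_get "$f" uri | lower)
    case "$ssl:$uri" in
        start_tls:*|on:*|*:ldaps://*) ;;
        *) echo "WARN $f: neither STARTTLS nor ldaps:// configured; binds travel in clear text"
           n=$((n + 1)) ;;
    esac
    pw=$(ldap_conf_get "$f" pam_password | lower)
    case "$pw" in
        md5|crypt) echo "WARN $f: pam_password $pw hashes new passwords on the client with a weak scheme; exop lets the server apply its own hashing policy"
                   n=$((n + 1)) ;;
    esac
    echo "FINDINGS $n"
}

# check_nss_ldap NSSWITCH LIBDIR: for passwd and group, report whether "ldap" is
# listed as a source and whether an nss_ldap module exists for libc to load.
check_nss_ldap() {
    nss="$1"; libdir="$2"; n=0
    for db in passwd group; do
        srcs=$(awk -v db="$db:" '$1 == db { $1 = ""; print }' "$nss")
        case " $srcs " in
            *" ldap "*)
                if ls "$libdir"/nss_ldap.so* >/dev/null 2>&1; then
                    echo "OK $db: ldap source listed and nss_ldap module present in $libdir"
                else
                    echo "WARN $db: nsswitch lists ldap but $libdir has no nss_ldap.so*; LDAP-only users resolve as 'no such user'"
                    n=$((n + 1))
                fi ;;
            *) echo "INFO $db: ldap not listed as a source" ;;
        esac
    done
    echo "FINDINGS $n"
}

# make_samples DIR: constructed, abridged copies of the post's three files plus an
# empty library directory (no nss_ldap module, as on the poster's system).
make_samples() {
    mkdir -p "$1/lib"
    cat > "$1/openldap-ldap.conf" <<'EOF'
BASE dc=autonlab,dc=org
URI ldap://atlas.int.autonlab.org:389
SSL START_TLS
TLS_REQCERT allow
TLS_CACERTDIR /usr/local/etc/openldap/certs
EOF
    cat > "$1/pam-ldap.conf" <<'EOF'
host atlas.int.autonlab.org
base dc=autonlab,dc=org
pam_password md5
ssl start_tls
tls_cacertfile /usr/local/etc/openldap/certs/ca.crt
EOF
    cat > "$1/nsswitch.conf" <<'EOF'
# constructed nsswitch.conf, as edited in step 4 of the post
group: files ldap
passwd: files ldap
hosts: files dns
EOF
}

# Demo run against the constructed files.
sample_dir=$(mktemp -d)
make_samples "$sample_dir"
audit_ldap_client_conf "$sample_dir/openldap-ldap.conf"
audit_ldap_client_conf "$sample_dir/pam-ldap.conf"
check_nss_ldap "$sample_dir/nsswitch.conf" "$sample_dir/lib"
rm -rf "$sample_dir"
```

On a real host the same functions would be pointed at /usr/local/etc/openldap/ldap.conf, /usr/local/etc/ldap.conf, /etc/nsswitch.conf and /usr/local/lib; the nsswitch check is the one that explains the "no such user" result in step 6, since libc silently skips a source whose module it cannot load.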
