John Marino <[email protected]> wrote: > On 6/28/2014 10:03, John Marino wrote: > > On 6/28/2014 09:56, Francois Tigeot wrote: > >> Hi, > >> > >> On Fri, Jun 27, 2014 at 11:56:30PM -0400, Predrag Punosevac wrote: > >>> This is not a question but rather a short summary of what I have done to > >>> enable authentication with LDAP on DragonFly BSD. Before you get too > >>> excited I will tell you that I didn't manage to work but I feel it is > >>> very close. > >>> > >>> For the purpose of this exercise you will need the following packages > >>> installed > >> [...] > >>> 3. net/nss_ldap > >>> > >>> is needed but it is not in the packages and it is probably the reason I > >>> can't get it to work. > >> [...] > >>> Step 6. Unfortunately it didn't work > >>> > >>> backup1# id predrag > >>> id: predrag: no such user > >> > >> This is bad. Some nss support library is indeed needed. > >> > >> I'm using nss-pam-ldapd instead of nss_ldap. The configuration file is a > >> bit different but it's a far more reliable alternative IMHO. > >>
I assume on DF? Could you please post short howto if authentication with LDAP works on LDAP? I personally do not care one or another way (OpenBSD uses ypldap and works like a charm). It was earlier suggested on this mailing list that LDAP should the same way on DF as on Free or NetBSD. Since I do not currently have any NetBSD machines I went FreeBSD way. > >> For some reason, net/nss_ldap fails to build in the packaging environment: > >> http://muscles.dragonflybsd.org/latest-failures/logs/errors/nss_ldap-1.265_10.log > >> > >> I have been able to build and install it locally from FreeBSD ports though. > >> Something weird is going on here. > > > > It doesn't look "weird" to me. I think DF needs kerberos added as a > > dependency. FreeBSD has kerberos in base. This is probably a 1-line > > fix with Makefile.DragonFly solution. > > > > > Confirmed, all it needed was a 1-line fix: > http://gitweb.dragonflybsd.org/dports.git/commit/e9d7793c5ed03b1ba0a044d2a04e07be44524d1b > > nss_ldap is in dports now. > John Thanks John! I can confirm that it builds on DF. I chose no SASL flavor (I hope I didn't make a mistake since I am utilizing TLS). Following FreeBSD's how to I copy pam_ldap configuration file /usr/local/etc/ldap.conf to nss_ldap configuration file /usr/local/etc/nss_ldap.conf. I put files ldap option into /etc/nsswitch.conf and restarted nsswitch daemon but unfortunately backup1# id predrag id: predrag: no such user I am afraid that this will require little bit of back trace-ing and debugging to work. Predrag
