On Saturday 13 March 2004 18:25, Per olof Ljungmark wrote:
> If you have a similar setup working I am very interested in how it was
> accomplished.

All right, so here is my setup if it can help you; note that I'm using ldap over SSL with key files.

server:

# /usr/local/etc/ldap.conf
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
pam_password ssha
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one

# /usr/local/etc/nss_ldap.conf
uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/
base dc=domain,dc=com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one

client:

# /usr/local/etc/ldap.conf
base dc=domain,dc=com
uri ldaps://server.domain.com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
pam_password ssha
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one
ssl on
tls_checkpeer yes
tls_cacertfile /usr/local/etc/openldap/cacert.pem

# /usr/local/etc/nss_ldap.conf
base dc=domain,dc=com
uri ldaps://server.domain.com
binddn cn=proxyuser,dc=domain,dc=com
bindpw lphp.org
nss_base_passwd ou=People,dc=domain,dc=com?one
nss_base_passwd ou=Computers,dc=domain,dc=com?one
nss_base_shadow ou=People,dc=domain,dc=com?one
nss_base_group ou=Group,dc=domain,dc=com?one
ssl on
tls_checkpeer yes
tls_cacertfile /usr/local/etc/openldap/cacert.pem

common (client+server):

# /etc/nsswitch.conf
passwd: files ldap
group: files ldap

# /etc/pam.d/ldap
auth sufficient /usr/local/lib/pam_ldap.so

# /etc/pam.d/system
auth sufficient pam_opie.so no_warn no_fake_prompts
auth requisite pam_opieaccess.so no_warn allow_local
auth include ldap
auth required pam_unix.so no_warn try_first_pass nullok
account required pam_login_access.so
account required pam_unix.so
session required pam_lastlog.so no_fail
password required pam_unix.so no_warn try_first_pass
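
Added example, not part of the original post: a small Python check for the client-side ldap.conf shown in the message, confirming that a network LDAP URI is both encrypted and verified against a CA certificate. The function names, the sample variants and the policy of rejecting plain ldap:// unless `ssl start_tls` is set are assumptions of this example.

```python
# Added example (not from the original post): lint a pam_ldap/nss_ldap
# ldap.conf for the transport settings the client config relies on.

def parse_conf(text):
    """Return {keyword: last value}; keywords lower-cased, comments skipped."""
    conf = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        conf[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return conf

def audit(text):
    """Return a list of findings; an empty list means every check passed."""
    conf, findings = parse_conf(text), []
    uris = conf.get("uri", "").split()
    if not uris:
        findings.append("no uri keyword found")
    for uri in uris:
        scheme = uri.split("://", 1)[0].lower()
        if scheme == "ldapi":
            continue  # local UNIX socket, nothing crosses the network
        # Policy of this example: ldap:// is accepted only with StartTLS.
        if scheme == "ldap" and conf.get("ssl", "").lower() != "start_tls":
            findings.append(f"{uri}: binds and lookups travel unencrypted")
            continue
        if scheme not in ("ldap", "ldaps"):
            findings.append(f"{uri}: unexpected scheme")
            continue
        if conf.get("tls_checkpeer", "").lower() != "yes":
            findings.append(f"{uri}: tls_checkpeer is not 'yes'")
        if not (conf.get("tls_cacertfile") or conf.get("tls_cacertdir")):
            findings.append(f"{uri}: no tls_cacertfile/tls_cacertdir")
    return findings

# Client settings as posted in the message (bindpw left out; not checked).
CLIENT = """\
base dc=domain,dc=com
uri ldaps://server.domain.com
ssl on
tls_checkpeer yes
tls_cacertfile /usr/local/etc/openldap/cacert.pem
"""
# Constructed variants for comparison.
NO_VERIFY = CLIENT.replace("tls_checkpeer yes", "tls_checkpeer no")
CLEARTEXT = "uri ldap://server.domain.com\nssl off\n"
SERVER = "uri ldapi://%2fvar%2frun%2fopenldap%2fldapi/\n"
```

Running `audit()` on the real file contents before rolling the config out to clients catches a copy that dropped `tls_checkpeer` or the CA path.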