On Wed, Apr 25, 2012 at 4:48 PM, Ganguin Michel <michel.gang...@nagra.com> wrote:
> Hi,
[cut]
> server after a timeout).
>
> Is it possible to set up ypbind and ypldap so that even if the ldap server is
> not available I'm able to log in with the local users either by having the
> login prompt on the console or by being able to ssh in?
>
> Thanks
> Michel
>

On FreeBSD there is /etc/nsswitch.ldap in which you could say, for example:

---
passwd:         files ldap
group:          files ldap
shells:         files ldap

# consult DNS first, we will need it to resolve the LDAP host. (If we
# can't resolve it, we're in infinite recursion, because libldap calls
# gethostbyname(). Careful!)
hosts:          files dns ldap

# LDAP is nominally authoritative for the following maps.
services:       ldap [NOTFOUND=return] files
networks:       ldap [NOTFOUND=return] files
protocols:      ldap [NOTFOUND=return] files
rpc:            ldap [NOTFOUND=return] files
ethers:         ldap [NOTFOUND=return] files

# no support for netmasks, bootparams, publickey yet.
netmasks:       files
bootparams:     files
publickey:      files
automount:      files

# I'm pretty sure nsswitch.conf is consulted directly by sendmail,
# here, so we can't do much here. Instead, use bbense's LDAP
# rules for sendmail.
aliases:        files
sendmailvars:   files

# Note: there is no support for netgroups on Solaris (yet)
#netgroup:      ldap [NOTFOUND=return] files
netgroup:       files
---

It's my FreeBSD file, but I have never tried running user LDAP authorizing on OpenBSD, can't say more.

-- 
### Coonardoo - The Well In The Shadow / Le Puits Dans L'Ombre ###
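
Added example, not part of the original message: a small Python model of how the source order and `[NOTFOUND=return]` criteria in the file quoted above decide which source answers when LDAP is unreachable. It assumes the default actions documented in nsswitch.conf(5) (return on success, continue otherwise) and models only that status/action logic, not client timeouts; the function names and the `status_of` input are hypothetical.

```python
import re

# Default actions per nsswitch.conf(5): stop on success, else try the next source.
DEFAULTS = {"success": "return", "notfound": "continue",
            "unavail": "continue", "tryagain": "continue"}

# Constructed sample: four lines taken from the file quoted above.
SAMPLE = """\
passwd: files ldap
group: files ldap
hosts: files dns ldap
services: ldap [NOTFOUND=return] files
"""

def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]}."""
    dbs = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" not in line:
            continue
        db, rest = line.split(":", 1)
        sources = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if not tok.startswith("["):
                sources.append((tok, dict(DEFAULTS)))
            elif sources:  # criteria apply to the source just before them
                for crit in tok[1:-1].split():
                    status, _, action = crit.partition("=")
                    sources[-1][1][status.lower()] = action.lower()
        dbs[db.strip()] = sources
    return dbs

def lookup(sources, status_of):
    """Simulate one lookup. status_of maps source -> status it reports
    (hypothetical input). Returns (sources consulted, source that answered)."""
    consulted = []
    for name, actions in sources:
        status = status_of.get(name, "unavail")
        consulted.append(name)
        if actions[status] == "return":
            return consulted, (name if status == "success" else None)
    return consulted, None

if __name__ == "__main__":
    dbs = parse_nsswitch(SAMPLE)
    ldap_down = {"files": "success", "ldap": "unavail"}
    print("passwd, LDAP down:  ", lookup(dbs["passwd"], ldap_down))
    print("services, LDAP down:", lookup(dbs["services"], ldap_down))
```

With `passwd: files ldap`, a user present in the local files is resolved without LDAP being consulted at all, while `ldap [NOTFOUND=return] files` falls through to files only when LDAP reports unavailable, not when it answers "not found".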