On 17/12/2009, at 10:25 PM, Joakim Dellrud wrote:

> Hello.
> First off, I would like to ask for forgiveness if I post this question in the
> wrong list, I'm new to this...
>
> So now to my question: I have a Microsoft 2003 Active Directory server and
> an already working configuration for a Centos/redhat environment. But my
> problem has occurred when trying to include the BSD (openbsd 4,5 with
> login_ldap installed) servers and clients in the solution. I've found a
> guide (http://www.obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client) that
> speaks of this but it seems to be non-functional. So my question is how does
> one via login_ldap connect to an AD and auth USER that is not in the passwd
> file on the machine?
>
> I've already checked out the kerberosV solution but that is not good for
> +1000 accounts that might need to login to these machines (making the passwd
> file approach kind of weird).

i use login_krb5 to authenticate AD users on openbsd. auth is a separate issue to the contents of your passwd file or ns backend infrastructure.

> I've already got a ypldap.conf file but it times out for me when I try
> getent passwd? (note that this is a test env)
>
>
> # passwd maps configuration
> passwd filter "(&(objectClass=user))"

that isn't a valid filter.

beware that ypldap doesn't support paged ldap access, so you had better hope your total number of users is less than the maximum AD will give you in a single query without paging. by default it is about 1000 if memory serves me. it is possible to tweak AD to bump that number up.

i wish someone would work on ypldapd too though.

dlg