OpenLDAP: using FreeBSD's /etc/login.conf attributes with external LDAP users?
O. Hartmann
ohartman at zedat.fu-berlin.de
Wed Jan 20 09:56:42 UTC 2016
Using the latest net/openldap24-server with FreeBSD as server and login target for
several users results in a problem.
Via the attribute :requirehome: in /etc/login.conf (i.e. added to class "standard")
one can prevent users from logging in without a valid home directory. Otherwise a
user with a valid LDAP entry will end up in "/". I'd like to add a standard
class for any user logging in (via ssh) on that specific server (only administrative
staff have local logins in /etc/passwd, all users are located in the LDAP DIT).
I searched the net for solutions and found one suggesting reverting the
"default" behaviour to have :requirehome: and using another class for all users
local in /etc/master.passwd (i.e. "privileged") - but this seems somehow odd,
and in a hurry, when updating software or similar, new facility users, like the
recently added user "_ypldap", will end up in the default class with
prerequisites a daemon will fail with. I think this could be too much of a
trap/pitfall.
So, the question is whether there is a more elegant/semantic way to do so.
Please CC me, I am not subscribed to this list,
thanks in advance and kind regards,
Oliver
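
A check for the pitfall the post describes, as an added example that is not part of the original message: it lists accounts in a master.passwd-format file that have an empty class field (and so fall into the "default" login class) and whose home directory does not exist. The function names, the optional root prefix and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Lists accounts that fall into the "default" login class
# (empty class field) and whose home directory is missing, so they can be
# reviewed before :requirehome: is set on "default".
#
# master.passwd fields:
#   name:password:uid:gid:class:change:expire:gecos:home_dir:shell
# /etc/passwd has no class field, so the input must be in master.passwd
# format (reading /etc/master.passwd itself requires root).

# audit_default_class FILE [ROOT]
#   ROOT is a hypothetical convenience: a prefix for home directories, for
#   checking a mounted image or jail instead of the running system.
audit_default_class() {
    pwfile=$1
    root=${2:-}
    # ':' is a non-whitespace IFS character, so empty fields are preserved.
    while IFS=: read -r name _pw uid _gid class _chg _exp _gecos home _shell; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments
        [ -z "$class" ] || continue               # explicit class: not "default"
        [ -d "$root$home" ] && continue           # home exists: not affected
        printf '%s uid=%s home=%s\n' "$name" "$uid" "$home"
    done < "$pwfile"
}

# Constructed sample entries (not taken from a real system).
sample_master_passwd() {
    cat <<'EOF'
# constructed sample
root:*:0:0::0:0:Superuser:/root:/bin/sh
svc_demo:*:900:900::0:0:Constructed daemon account:/nonexistent:/usr/sbin/nologin
admin1:*:1001:1001:privileged:0:0:Local admin:/home/admin1:/bin/sh
EOF
}

# Stand-alone use: sh audit.sh /etc/master.passwd
if [ $# -gt 0 ]; then
    audit_default_class "$@"
fi
```
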