wiki:freebsd:set_up_ldap_auth_freebsd

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
wiki:freebsd:set_up_ldap_auth_freebsd [2025/01/07 12:36] – removed - external edit (Unknown date) 127.0.0.1wiki:freebsd:set_up_ldap_auth_freebsd [2025/01/07 12:36] (current) – ↷ Page moved from wiki:linux:install_davinci_resolve:wiki:freebsd:set_up_ldap_auth_freebsd to wiki:freebsd:set_up_ldap_auth_freebsd Greg
Line 1: Line 1:
 +====== Configuring LDAP Auth on FreeBSD ======
  
 +===== Install NSS LDAP Package =====
 +
 +<code>
 +pkg install nss-pam-ldapd
 +</code>
 +
 +===== Configure NSLCD =====
 +
 +Edit /usr/local/etc/nslcd.conf with:
 +
 +<code>
 +...
 +uri ldap://ldap.example.com
 +ldap_version 3
 +base dc=example,dc=com
 +scope sub
 +ssl no
 +</code>
 +
 +Restart nslcd service:
 +
 +<code>
 +service nslcd restart
 +</code>
 +
 +===== Configure PAM =====
 +
 +Edit /etc/pam.d/system with the following:
 +
 +**Note:** For brevity I'm only showing the pam_ldap and pam_unix lines so you know where they need to be in relation to each other.
 +
 +<code>
 +...
 +auth sufficient /usr/local/lib/pam_ldap.so try_first_pass
 +auth required pam_unix.so no_warn try_first_pass nullok
 +
 +...
 +account required pam_unix.so
 +account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
 +
 +
 +...
 +password sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
 +password required pam_unix.so no_warn try_first_pass
 +</code>
 +
 +And similar changes to /etc/pam.d/sshd:
 +
 +<code>
 +...
 +auth sufficient /usr/local/lib/pam_ldap.so try_first_pass
 +auth required pam_unix.so no_warn try_first_pass
 +
 +...
 +account required pam_unix.so
 +account required /usr/local/lib/pam_ldap.so no_warn ignore_authinfo_unavail ignore_unknown_user
 +
 +...
 +password sufficient /usr/local/lib/pam_ldap.so no_warn try_first_pass
 +password required pam_unix.so no_warn try_first_pass
 +</code>
 +
 +===== Configure NSSwitch =====
 +
 +Edit /etc/nsswitch.conf with:
 +
 +<code>
 +...
 +group: files ldap
 +...
 +passwd: files ldap
 +...
 +</code>
 +
 +===== Testing the Connection =====
 +
 +You can test it by trying to see a user's ID is available:
 +
 +<code>
 +id exampleuser
 +</code>
 +
 +You can also try using **getent**:
 +
 +<code>
 +getent passwd exampleuser
 +</code>
 +
 +In both cases you should get some sort of valid output, and in the latter you should see an "x" for the password attribute (meaning it's an external password).
 +
 +Hurrah! Have fun with your FreeBSD LDAP setup!