This is an old revision of the document!

Configuring LDAP Auth on FreeBSD

Install NSS LDAP Package

pkg install nss-pam-ldapd

Configure NSLCD

Edit /usr/local/etc/nslcd.conf with:

uri ldap://
ldap_version 3
base dc=example,dc=com
scope sub
ssl no

Restart nslcd service:

service nslcd restart
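
The nslcd.conf above uses ssl no with an ldap:// URI, so nslcd sends binds and lookups to the directory unencrypted. The sh function below is an added example, not part of the original page: it flags that combination, and also a tls_reqcert of never or allow. The function name check_nslcd_tls, the host ldap.example.com and the CA file path are constructed placeholders.

```sh
#!/bin/sh
# Added example: audit the transport settings in an nslcd.conf.
# check_nslcd_tls (hypothetical name) prints findings; returns 0 = ok, 1 = weak, 2 = unreadable.
check_nslcd_tls() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    awk '
        # Skip comment lines; keywords are compared in lower case.
        /^[ \t]*#/ { next }
        { key = tolower($1) }
        key == "uri" {
            # A uri line may list several servers; any ldap:// one needs ssl set.
            for (i = 2; i <= NF; i++)
                if (tolower($i) ~ /^ldap:\/\//) plain_uri = 1
        }
        key == "ssl"         { ssl = tolower($2) }
        key == "tls_reqcert" { reqcert = tolower($2) }
        END {
            tls = (ssl ~ /^(on|yes|true|1|start_tls|starttls)$/)
            if (plain_uri && !tls) {
                print "FAIL: ldap:// URI with ssl=" (ssl == "" ? "unset" : ssl) ", traffic is not encrypted"
                bad = 1
            }
            if (reqcert == "never" || reqcert == "allow") {
                print "FAIL: tls_reqcert " reqcert " accepts an unverified server certificate"
                bad = 1
            }
            if (!bad) print "OK: no plaintext LDAP transport configured"
            exit bad + 0
        }
    ' "$conf"
}

# Constructed samples: the settings from this page, then the same file using StartTLS.
tmp=$(mktemp -d)
printf 'uri ldap://ldap.example.com\nbase dc=example,dc=com\nssl no\n' > "$tmp/weak.conf"
printf 'uri ldap://ldap.example.com\nssl start_tls\ntls_reqcert demand\ntls_cacertfile /usr/local/etc/ssl/ldap-ca.pem\n' > "$tmp/tls.conf"
check_nslcd_tls "$tmp/weak.conf" || true
check_nslcd_tls "$tmp/tls.conf"
```

To check the live file, call check_nslcd_tls /usr/local/etc/nslcd.conf.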

Configure PAM

Edit /etc/pam.d/system with the following:

Note: For brevity I'm only showing the pam_ldap and pam_unix lines so you know where they need to be in relation to each other.

auth		sufficient	/usr/local/lib/	try_first_pass
auth		required		no_warn try_first_pass nullok

account		required
account		required	/usr/local/lib/	no_warn	ignore_authinfo_unavail	ignore_unknown_user

password	sufficient	/usr/local/lib/	no_warn try_first_pass
password	required		no_warn try_first_pass

And similar changes to /etc/pam.d/sshd:

auth		sufficient	/usr/local/lib/	try_first_pass
auth		required		no_warn try_first_pass

account		required
account		required	/usr/local/lib/	no_warn	ignore_authinfo_unavail	ignore_unknown_user

password	sufficient	/usr/local/lib/	no_warn try_first_pass
password	required		no_warn try_first_pass

Configure NSSwitch

Edit /etc/nsswitch.conf with:

group: files ldap
passwd: files ldap

Testing the Connection

You can test it by checking whether a user's ID is available:

id exampleuser

You can also try using getent:

getent passwd exampleuser

In both cases you should get some sort of valid output, and in the latter you should see an “x” for the password attribute (meaning it's an external password).

Hurrah! Have fun with your FreeBSD LDAP setup!

wiki/freebsd/set_up_ldap_auth_freebsd.1682703661.txt.gz · Last modified: 2023/04/28 13:41 by Greg