
7 Responses to “Authorization with LDAP on OpenBSD”

  1. Helion-Prime Solutions blog » Blog Archive » authorization with LDAP on OpenBSD…

    A nice tutorial on how to set up YP authentication for OpenBSD with LDAP as backend database….

  2. Anton says:

    Cool!

  3. rk says:

    If you want to use SSL for your LDAP queries, misc@ yielded a nice tip (courtesy of Stuart Henderson). Use relayd(8) to proxy towards the secured LDAP service.

    For details, see:
    http://marc.info/?l=openbsd-misc&m=126816366632323&w=4

  4. just a note says:

    Just a note... for line 5 of the login.conf entry:

    :x -ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\

    It looks like the website's code got involved in the line.

    This will yield no results, but a successful connection.

    Remove the “amp:” part like so:

    :x -ldap-filter=(&(objectclass=posixAccount)(uid=%u)):\

  5. just a note says:

    derp.. I had to change the line: look again

    :x -ldap-filter=(&a_mp;(objectclass=posixAccount)(uid=%u)):\

  6. just a note says:

    same with this line:

    change:
    echo -n ' ypldap'; /usr/sbin/ypldap ${ypldap_flags} 1> /dev/null &a_mp;

    TO

    echo -n ' ypldap'; /usr/sbin/ypldap ${ypldap_flags} 1> /dev/null &

  7. I followed the steps above. /usr/libexec/auth/login_-ldap -d -s login USERNAME ldap returns “authorize” when testing. ypldap -dv shows a bunch of “pushing line:” entries for what would appear to be passwd file entries for all my LDAP users and groups. Followed steps 3 and 4, and everything appears to be running. However, when I try to authenticate as any of my LDAP users, /var/log/authlog shows “Invalid User”. What did I miss? Did something change in newer OpenBSD releases?


©2010 Helion-Prime Solutions Ltd.