On 17/12/2009, at 10:25 PM, Joakim Dellrud wrote:

quoted text
> Hello.
>  First of I would like to ask for forgivness if I post this question in the
> wrong list, I'm new to this...
>
> So now to my question: I have a Microsoft 2003 Active Directory server and
> an already working configuration for a Centos/redhat environment. But my
> problem has occured when trying to include the BSD (openbsd 4,5 with
> login_ldap installed) servers and clients in the solution. I've found a
> guide (http://www.obfuscurity.com/2009/08/OpenBSD-as-an-LDAP-Client) that
> speaks of this but it seems to be non-functional. So my question is how
does
quoted text
> one via login_ldap connect to a AD and auth USER that is not in the passwd
> file on the machine?
>
> I've already checked out the kerberosV solution but that is not good for
> +1000 accounts that might need to login to this machines (making the passwd
> file approach kind of wierd).

i use login_krb5 to authenticate AD users on openbsd. auth is a separate issue
to the contents of your passwd file or ns backend infrastructure.

quoted text
> I've already got a ypldap.conf file but it times out for me when I try
> getent passwd? (note that this is a test env)
>
>
>   # passwd maps configuration
>   passwd filter "(&(objectClass=user))"

that isnt a valid filter.

beware that ypldap doesnt support paged ldap access, so you had better hope
you total number of users is less than the maximum AD will give you in a
single query without paging. by default it is about 1000 if memory serves me.

it is possible to tweak AD to bump that number up. i wish someone would work
on ypldapd too though.

dlg