On 2022/05/20 16:27, helmut.kiessl...@btinternet.com wrote:
> Hi Stuart,
>
> Thanks for pointing out login.conf - indeed ldap was some reason missing
> which is odd as in 70 it was automatically added there when installed
> package?

Nothing has ever been automatically added to login.conf when installing
a package. (And it shouldn't be automatically changed on upgrade unless
the file was unmodified). The main thing that could account for this is
if you ran sysmerge and selected the option to install a new file
overwriting the old.

> Anyway I added it there but still the same error "sshd: ldap:
> unknown class".

I think most likely you have an /etc/login.conf.db file which hasn't
been updated to match the addition. I suggest removing completely,
it mostly just gets in the way, it is not like it takes very long to
parse on a modern computer.

> I'm using this "login_ldap-3.51p8". I included login.conf and masked
> company and hostnames.

Config looks right for the login_ldap package. Though you may like to
switch to the login_ldap version which is in OpenBSD base; I don't like
relying on ports for things affecting login if you can help it.
If you want to do that, you can use config like this -

in login.conf

    ldap:\
    	:auth=ldap:\
    	:tc=daemon:

and in login_ldap.conf

    host=ldaps://hostname.company.com
    basedn=dc=company,dc=com
    filter=(&(objectclass=posixAccount)(uid=%u))
    timeout=5
    scope=sub
    cacert=/etc/openldap/certs/company-ca.pem
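
Added example, not part of the original message: a small sh check for the situation described above, where a class has been added to login.conf but an older login.conf.db is still present. The function names are hypothetical; cap_mkdb is the base tool that rebuilds the database if the .db file is kept rather than removed.

```shell
#!/bin/sh
# Diagnose "unknown class" for a login class that was added to login.conf
# while an older login.conf.db is still on disk.

# class_in_conf FILE CLASS -> 0 if CLASS is defined (as a name or |alias) in FILE
class_in_conf() {
    awk -v c="$2" '
        /^#/ || /^[ \t]/ { next }      # skip comments and continuation lines
        {
            sub(/:.*/, "")             # keep the name field before the first ":"
            n = split($0, names, "|")
            for (i = 1; i <= n; i++) if (names[i] == c) found = 1
        }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# check_login_class FILE CLASS -> prints a verdict and returns:
#   0 ok, 1 class missing from FILE, 2 FILE.db exists and is older than FILE
check_login_class() {
    conf=$1
    class=$2
    if ! class_in_conf "$conf" "$class"; then
        echo "class '$class' is not defined in $conf"
        return 1
    fi
    if [ -e "$conf.db" ] && [ "$conf" -nt "$conf.db" ]; then
        echo "$conf.db is older than $conf: remove it or run cap_mkdb $conf"
        return 2
    fi
    echo "class '$class' is defined in $conf and no stale $conf.db was found"
    return 0
}

# On a live system: check_login_class /etc/login.conf ldap
```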