On Fri, 9 Nov 2018 at 10:02, Héctor González <ca...@genac.org> wrote:
>
> >
> >> Quoting wirelessd...@gmail.com (wirelessd...@gmail.com):
> > [snip]
> >>> So my next question is, what's the recommended package to authenticate
> >>> with LDAP and allow users to login to a desktop via their LDAP
> >>> account? I've seen various options for PAM and NSS, but do I need to
> >>> configure both or just one?
> > [snip]
>
> You can use libpam-ldap for this, it handles the authentication part.
> NSS is used to "populate" your passwd and group files from ldap, if you
> need it. Your users will work with just the PAM part, but it's easier
> to use NSS so you can change permissions using usernames instead of
> UIDs.
>
> A "getent passwd user" will require libnss-ldap (and a working
> /etc/libnss-ldap.conf which should be autogenerated)
>
> If you choose to use nscd, you should replace the suggested-size passwd
> option with a sufficient size for your expected amount of users, the
> manual says it is a hash table, so it should be a prime number bigger
> than double the amount of expected users (hint, the primes package from
> bsdgames can find primes for you).
>
> nscd acts as a cache for nss calls so you don't flood your ldap server
> with queries.
>
> There is also nslcd, which I remember using with samba-ad, as nscd
> didn't like that ldap for some reason, and it has a different config
> file /etc/nslcd.conf
>
> I'd use nscd first, and if you run into trouble try nslcd.
>
Thanks, nslcd appears to be working fine here now. I don't think I need
to fiddle with any nscd settings at this point in time.

--Tom

--
Please avoid sending me Word or PowerPoint attachments.
See http://www.gnu.org/philosophy/no-word-attachments.html
_______________________________________________
Dng mailing list
Dng@lists.dyne.org
https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
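
Added example, not part of the thread: a small script that applies the sizing rule quoted above (a prime bigger than double the expected number of users) to the suggested-size lines of an nscd.conf. The sample file, the 1500-user and 200-group figures and the function names are assumptions; sizing the group cache the same way goes beyond the passwd case mentioned in the quoted advice.

```python
import math
import re

# Constructed sample in nscd.conf syntax (not taken from the thread).
SAMPLE_CONF = """\
# /etc/nscd.conf (constructed sample)
    enable-cache            passwd      yes
    positive-time-to-live   passwd      600
    suggested-size          passwd      211
    enable-cache            group       yes
    suggested-size          group       211
    suggested-size          hosts       211
"""

# Matches active (uncommented) "suggested-size <service> <n>" lines.
SIZE_RE = re.compile(r"^([ \t]*suggested-size[ \t]+)(\w+)([ \t]+)(\d+)", re.MULTILINE)


def next_prime_above(n):
    """Smallest prime strictly greater than n (trial division)."""
    candidate = max(n + 1, 2)
    while True:
        if candidate < 4 or (candidate % 2 and all(
                candidate % d for d in range(3, math.isqrt(candidate) + 1, 2))):
            return candidate
        candidate += 1


def resize(conf_text, expected_entries):
    """Set suggested-size for each listed service to a prime > 2x its entries."""
    def repl(m):
        service = m.group(2)
        if service not in expected_entries:
            return m.group(0)  # leave other caches untouched
        size = next_prime_above(2 * expected_entries[service])
        return f"{m.group(1)}{service}{m.group(3)}{size}"
    return SIZE_RE.sub(repl, conf_text)


def sizes(conf_text):
    """Return {service: suggested-size} for the active lines."""
    return {m.group(2): int(m.group(4)) for m in SIZE_RE.finditer(conf_text)}


if __name__ == "__main__":
    # Assumed figures: 1500 LDAP users, 200 groups.
    print(resize(SAMPLE_CONF, {"passwd": 1500, "group": 200}))
```
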