On Tue, Oct 03, 2006 at 07:02:30PM +0200, Rogier Krieger wrote:
> On 10/3/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
> >[...] note that at least OpenBSD can authenticate
> >directly against LDAP, using sysutils/login_ldap.
>
> Personally, I suspect the OP has a specific interest in implementing
> NIS. Through NIS, OpenBSD can obtain the information it would
> otherwise get from the password file (i.e. user entries). IIRC, there
> is no alternative 'nsswitch-like' tool available for OpenBSD. If I'm
> wrong on this, feel free to correct me (you'd make me happy).
>
> As nice a tool as login_ldap may be, it still requires you to add such
> entries, limiting scalability. Unfortunately, I do not know of an
> LDAP-based NIS working on OpenBSD, so this probably isn't too much
> help to the OP either. Sorry for wasting the bandwidth.
While the full-on NIS might be useful, something like login_ldap would
at least allow authentication to stay synchronized. Simply
pulling/syncing the LDAP entries every so often could supplement this
into a usable, if far from elegant, solution. (The same sort of
mechanism could be used to sync a NIS server from a LDAP server, come to
think of it.)
Joachim
