nss_ldap fulfills most of the get*ent calls, thus based on the bits of
your configuration you've exposed I think you're ending up with that
behavior and not using pam_ldap at all. Instead the authentication is
happening via nsswitch fulfilling getpwent() call's (the passwd: files
ldap line in nsswitch.conf)
On Mon, Jul 15, 2013 at 11:51 AM, Daniel Eischen <deischen at freebsd.org>
wrote:> There's an article on LDAP authentication on FreeBSD here:
>
> http://www.freebsd.org/doc/en/articles/ldap-auth/article.html#client
>
> I'm confused as to why pam_ldap and nss_ldap do not need
> /etc/pam.d entries, as described in the above link in
> section 3.1.1. Meaning, I do not have any ldap entries
> in my /etc/pam.d/ or even /usr/local/etc/pam.d/ and
> ldap logins work (console, ssh, telnet, ftp).
>
> $ grep -i ldap /etc/pam.d/*
> $ grep -i ldap /usr/local/etc/pam.d/*
>
> What am I missing?
>
> $ uname -v
> FreeBSD slrtr1 9.1-STABLE FreeBSD 9.1-STABLE #0 r250347...
> $ uname -m
> amd64
> $ cat /etc/nsswitch.conf
> group: files ldap
> hosts: files dns
> networks: files
> passwd: files ldap
> shells: files
> services: files
> protocols: files
> rpc: files
>
> --
> DE
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at
freebsd.org"
--
"Genius might be described as a supreme capacity for getting its possessors
into trouble of all kinds."
-- Samuel Butler