• View
• Edit
• History
• Print

Ldap

> opensmtpd's table-ldap doesnt work well with other ldap based programs
> including OpenBSD's own
> you can make it work, but thats honestly too much tech debt
> table-passwd is easier, but that's not LDAP
> lesson 2:
> there is no way to let users update their LDAP password in base
> now you can do it with 3rd party programs like ldappasswd and such
> and you could've do it with yppasswdd (which is gone since 5.8)
> but none of them are in the base, in other words, users can't update their own password if you use LDAP for password database
> you can make a script that calls ldappasswd
> but its icky (it's 3rd party and it's a bit complex)

also:

> you can have networked users and password databases via YP. you can only have password databases via LDAP.
> there is a program called ypldapd that connects these two (like a one-way-relay between LDAP and YP), so you can use LDAP users without defining more via adduser(8)
> so, openbsd does have ldap support, but the caveats are big enough to make me give up on it.
> it took just a about day to understand that, heh.
> ldapd is problaly fine, but openbsd isnt an awesome ldap client.
> neither OpenSMTPD nor login_chpass have proper support for ldap (OpenSMTPD does, but its kinda broken)
> but if you just want to share logins, login-ldap can do the job.