Wednesday, June 08, 2022

Re: LDIF case sensitivity, login_ldap

And I should add, if the OpenBSD ldapd man page is your point of truth,
you won't have this problem - I was moving accounts over from OpenLDAP
where lowercase {crypt} was the working configuration.

On 2022-06-09 14:51, David Diggles wrote:
> I've just got ldap login working on OpenBSD/7.1 with accounts stored
> locally in ldapd and using ypldap.
>
> I just thought I'd share something so anyone reading this may save
> wasting the time that I wasted :-)
>
> Your LDIF entry that you read into ldap must be as follows for
> userPassword
>
> userPassword: {CRYPT}${ENCRYPTED_PASSWD}
>
> ie uppercase CRYPT - I was stuffing around for ages with trying to
> understand why login_ldap was failing to bind because I had {crypt} in
> lowercase.
>
> If you search the interwebs you'll find many complicated examples for
> the ldap class in login.conf but the following worked fine for this
> local setup:
>
> # /etc/login.conf.d/ldap
>
> ldap:\
> :auth=ldap:\
> :x-ldap-uscope=subtree:\
> :tc=default:
>
> Hope this helps someone.

No comments:

Post a Comment