Re: ldap user authentication, PAM and chsh (change shell): how to make it work?

Howard Chu wrote: > Jean-Francois Malouin wrote: >> * Howard Chu <hyc(a)symas.com&gt; [20181216 08:57]: >>> Ryan Tandy wrote: >>>> On Fri, Dec 14, 2018 at 03:24:17PM -0500, Jean-Francois Malouin wrote: >>>>> I'm using libnss-ldap along with pam-ldap on Ubuntu and Debian clients. >>>> >>>> I have not tried this myself, but recent versions of nss-pam-ldapd appear to include a 'chsh.ldap' command in the nslcd-utils package.  However it looks like >>>> that would require you to be using libnss-ldapd and libpam-ldapd with nslcd, rather than the old libnss-ldap and libpam-ldap. >>> >>> Would be best to be running those anyway, since the old stuff was deprecated long ago. >> >> Well, I hard-locked all the systems I tried to install libnss-ldapd along with >> nslcd: no ssh sessions, no console logins, nada. Once more, a PAM-related >> issue I guess. >> Also, it seems that all the info I find out there about how to configure those >> are either obsolete, very old and in some cases, 'not even wrong' :) >> >> As for being 'deprecated', https://wiki.debian.org/LDAP/NSS claims that: >> >> "In general libnss-ldapd is simpler but newer and libnss-ldap is more mature >> but more complex...". > > The author of nss_ldap and pam_ldap officially abandoned those packages ~9 years ago. Support > for those packages was redirected from the authors at PADL.com to Symas.com back in 2007 or so, At least by April 2007 http://scratchpad.wikia.com/wiki/Ldap?diff=2174401&oldid=129692 > and we (Symas) have promoted nss-pam-ldapd and OpenLDAP nssov since 2010. > > nss-ldap is not mature, it is dead.

-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/