Recently I've been jumping upon the LDAP bandwagon, with one of my aims to consolidate a lot of different login systems.
Configuring Linux, Apache, OpenVPN and similar things to authenticate against an LDAP server was almost painless.
Unfortunately OpenBSD is being a bit more painful, primarily because it doesn't use PAM. Instead you have two choices:
- Configure login to authenticate against a RADIUS server, telling that server to authenticate against a (remote) LDAP server.
- Use login_ldap to do authentication, but fetch all things via YP.
Neither solution is particularly pleasant, but the former is marginally less effort. The downside? I still have to run "adduser" to add the user to the system - which makes me think "why did I bother in the first place?"
ObQuote: "Well, well I see we have visitors... " - Hot Fuzz