Feature #9399
closed
pkg support for SSH + sudo authentication via LDAP
100%
Description
Hi Folks,
You have a very usable and user-friendly webUI configuration tool for setting up LDAP authorization for webUI access. The integration of LDAP authorization to SSH and sudo is, however, more difficult than would be typical on a barebones server environment, for two reasons:
1) missing "nss_ldap" in the pfSense pkg repository. This package is required for the LDAP-specific modifications in /etc/nsswitch.conf to work. Importing the package file manually works, but that's something we typically try to avoid in usual practice.
2) 'sudo' package in pfSense repository does not have LDAP support compiled in. Again, we can use our own local packages at need, but it would be nice to have a pfSense-sanctioned package available, especially the pfSense-customized version. Perhaps an alternate pfSense-pkg-sudo-ldap package could be created?
Thanks for your consideration on these items!
Updated by Jim Pingle over 5 years ago
- Assignee set to Jim Pingle
Considering we already build pam_ldap I'm not sure why nss_ldap was omitted, so I added it to the build list for 2.5.0.
I also enabled the LDAP option for sudo.
Updated by Jim Pingle over 5 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
Applied in changeset pfsense:7db5a396d398b010bfb70048881a6cec0577338f.
Updated by Jim Pingle over 5 years ago
nss_ldap and LDAP-enabled sudo are both now present on 2.5.0 snapshots.
Updated by Jim Pingle over 5 years ago
- Status changed from Feedback to Resolved
Requested package and options are present.