http://www.weithenn.idv.tw/cgi-bin/wiki.pl http://mail.lsps.tp.edu.tw/~gsyan/freebsd2001/pam_ldap.html

安裝 nss_ldap、pam_ldap、pam_mkhomedir

# cd /usr/ports/net/nss_ldap/
# make install clean
# cd /usr/ports/security/pam_ldap
# make install clean
# cd /usr/ports/security/pam_mkhomedir
# make install clean

複製 LDAP 設定檔和 nss_ldap 設定檔，兩個設定檔格式相同

# cd /usr/local/etc
# cp ldap.conf.dist ldap.conf
# ln -s ldap.conf nss_ldap.conf

修改 LDAP 設定檔

host ldap.server
base dc=padl,dc=com
bind_timelimit 5
bind_policy soft
pam_password clear
nss_base_passwd ou=People,dc=padl,dc=com?one
nss_base_group      ou=Group,dc=padl,dc=com?one

/etc/nsswitch.conf

#group: compat                                                                                                                              
group: files ldap
group_compat: nis 
hosts: files dns 
networks: files
#passwd: compat
passwd: files ldap
passwd_compat: nis 
shells: files

/etc/pam.d/ 設定哪些服務要透過 pam 認證

auth        required    pam_nologin.so      no_warn
auth        sufficient  pam_opie.so     no_warn no_fake_prompts
auth        requisite   pam_opieaccess.so   no_warn allow_local
#auth       sufficient  pam_krb5.so     no_warn try_first_pass
#auth       sufficient  pam_ssh.so      no_warn try_first_pass
auth        sufficient  /usr/local/lib/pam_ldap.so no_warn  try_first_pass    #加入 pam_ldap
auth        required    pam_unix.so     no_warn try_first_pass

session     required    /usr/local/lib/pam_mkhomedir.so    # 自動產生 home directory
session     required    pam_permit.so

auth        sufficient  pam_opie.so     no_warn no_fake_prompts
auth        requisite   pam_opieaccess.so   no_warn allow_local
#auth       sufficient  pam_krb5.so     no_warn try_first_pass
#auth       sufficient  pam_ssh.so      no_warn try_first_pass
auth        sufficient  /usr/local/lib/pam_ldap.so      no_warn try_first_pass
auth        required    pam_unix.so     no_warn try_first_pass nullok

pam_mkhomedir 在 FreeBSD 6 好像不能用，需要自己修改……

處理方式：pam_mkhomedir