Created attachment 183936
nss-pam-ldapd-0.9.8.loginClass.patch
Currently, all users from LDAP are mapped to the "default" login class. This patch adds very basic LOGIN_CLASS(3) support to net/nss-pam-ldapd. There is no loginClass or equivalent attribute in the OpenLDAP NIS schema, but some other attributes could easily be mapped to the loginClass attribute in nslcd.conf. This is an example of how to map loginClass to the "description" attribute; in the absence of description in the user field, the user is mapped to class "student":
    map passwd loginClass "${description:-student}"
I have been using this feature for more than two years; maybe someone in the community will also find this patch useful.
Has this been submitted upstream yet? If not, please do so.
The upstream discards it silently as a strictly BSDish related feature.
Created attachment 242486
patch to net/nss-pam-ldapd introducing loginClass support
I have been using the initial patch for 6 years almost without modifications. The sources have not changed much during this period, releases are infrequent. Upstream rejected this patch. Today I had some time to rework it to a patch applicable directly to the ports tree. Perhaps we can maintain it in our ports tree. I find it useful, maybe a few more users can also benefit from it. The name for option LCLASS was chosen the same as net/nss_ldap has. LCLASS is not enabled by default. There were some weird problems with shebang while building this port with portmaster or by hand on some hosts, so I added shebang for not really installed files (perhaps we should install them?).
To make the PR consistent, please let me cite what the upstream thinks of this patch and why it was rejected[1].
>I think I've seen the patch before and the problem is that it modifies
>the protocol between the NSS module and nslcd. This would be fine for
>FreeBSD but the protocol is supposed to be platform-independent
>(supports multi-arch systems and all). Another consequence of the
>protocol change is that we would have to bump the nslcd version because
>the newly running nslcd would not be able to communicate with programs
>that have the old NSS module loaded.
For FreeBSD, it shouldn't be the case, since we build NSS modules and nslcd together.
[1] https://lists.arthurdejong.org/nss-pam-ldapd-users/2017/msg00092.html
A commit in branch main references this bug:
URL: https://cgit.FreeBSD.org/ports/commit/?id=a01debe78c6a48b2af17be589f4d13307e4d7b59
commit a01debe78c6a48b2af17be589f4d13307e4d7b59
Author: Ryan Steinmetz <zi@FreeBSD.org>
AuthorDate: 2023-08-27 13:53:30 +0000
Commit: Ryan Steinmetz <zi@FreeBSD.org>
CommitDate: 2023-08-27 13:53:30 +0000
    net/nss-pam-ldapd: Add LCLASS Support
    PR: 220379
    Submitted by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
 net/nss-pam-ldapd/Makefile | 6 ++-
 .../lclass-patches/patch-nslcd__attmap.c (new) | 18 +++++++++
 .../lclass-patches/patch-nslcd__attmap.h (new) | 10 +++++
 .../lclass-patches/patch-nslcd__passwd.c (new) | 43 ++++++++++++++++++++++
 .../files/lclass-patches/patch-nss__passwd.c (new) | 13 +++++++
 5 files changed, 89 insertions(+), 1 deletion(-)