Bug 220379 - [patch] net/nss-pam-ldapd: introducing very basic LOGIN_CLASS(3) support
Summary: [patch] net/nss-pam-ldapd: introducing very basic LOGIN_CLASS(3) support
Status: New
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ryan Steinmetz
URL:
Keywords: patch
Depends on:
Blocks:
 
Reported: 2017-06-30 08:38 UTC by Marek Zarychta
Modified: 2017-07-03 23:29 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (zi)


Attachments
nss-pam-ldapd-0.9.8.loginClass.patch (3.28 KB, patch)
2017-06-30 08:38 UTC, Marek Zarychta
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Marek Zarychta 2017-06-30 08:38:55 UTC
Created attachment 183936 [details]
nss-pam-ldapd-0.9.8.loginClass.patch

Currently, all users from LDAP are mapped to "default" login class. This patch adds very basic LOGIN_CLASS(3) support to net/nss-pam-ldapd. 

There is no loginClass or equivalent attribute in OpenLDAP NIS schema, but some other attributes could be easily mapped to loginClass attribute in nslcd.conf. 

This is the example how to map loginClass to "description" attribute, in absence of destcritpion in user field, the user is mapped to class "student":

map passwd loginClass "${description:-student}"

I am using this feature for more than two years, may be someone in the community will also find this patch useful.
Comment 1 Ryan Steinmetz freebsd_committer freebsd_triage 2017-06-30 16:56:44 UTC
Has this been submitted upstream yet?  If not, please do so.
Comment 2 Marek Zarychta 2017-07-03 23:29:32 UTC
The upstream discards it silently as strictly BSDish related feature.