Subject: Re: Using LDAP for X login
To: Matthew Fincham <matthewf@cat.co.za>
From: Greg A. Woods <woods@weird.com>
List: netbsd-users
Date: 02/04/2003 13:22:20
[ On Tuesday, February 4, 2003 at 14:47:43 (+0200), Matthew Fincham wrote: ]
> Subject: Using LDAP for X login
>
> I am looking to set up an X-server login to use an LDAP user database
> instead of the "/etc/master.password" system. One option I see for this is
> to replace the xdm login prompt with a login prompt (program) that uses the
> LDAP server. I am looking for some hints or references on how to do
> this, or an alternative method to implement this.

The best thing to do is just patch libc's nsswitch routines to add an
LDAP access method -- that way your whole system gets unified access to
LDAP as an authentication and authorisation server, not just xdm.  A
module that should be easily adaptable to NetBSD's NSS is already
available:

	http://www.padl.com/OSS/nss_ldap.html
	http://www.padl.com/download/nss_ldap.tgz
	ftp://ftp.padl.com/pub/nss_ldap.tgz

It already works with Solaris NSS as well as GNU libc NSS.

Interestingly that same package also supports ISC BIND's IRS (on BSD/OS
apparently) and it's apparently been ported to FreeBSD once upon a time
to provide support via IRS (along with replacing FreeBSD's resolver(3)
too of course).

Unfortunately its copyright license is the GPL, so it's probably not
suitable for inclusion in the base NetBSD distribution.

-- 
								Greg A. Woods

+1 416 218-0098;            <g.a.woods@ieee.org>;           <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>