mute
Dabbler
- Joined
- Dec 8, 2013
- Messages
- 19
Fired up 9.3-BETA in a VM to check it out, and I've noticed that the LDAP configuration section has undergone a revamp.
I recently setup a intra office fileserver on 9.2.1.8, and it took much arm wrestling to get it to work with our admittedly complicated LDAP setup.
My test vm does not seem to want to take the LDAP settings I've selected (clicking save doesn't actually save), but I noticed even in the Advanced Mode that the Auxiliary Parameters section is now gone. Is this intentional?
I am using this on 9.2.1.8 to map some attributes so LDAP works, and I'm afraid if I don't have the ability to add options to my ldap.conf that I'm sort of screwed. Am I missing something?
Related: On 9.2.1.8, FreeNAS has "nss_override_attribute_value loginShell" set to a real shell, which is sort of annoying because it means that if I use LDAP so people can authenticate via Samba shares, that they could also ssh into the FreeNAS. I noticed that's not present in the defaults in 9.3 (as far as I can tell) which is nice because I can override it to /sbin/nologin to prevent people from ssh'ing in. Kudos for that (if it was on purpose).
I recently setup a intra office fileserver on 9.2.1.8, and it took much arm wrestling to get it to work with our admittedly complicated LDAP setup.
My test vm does not seem to want to take the LDAP settings I've selected (clicking save doesn't actually save), but I noticed even in the Advanced Mode that the Auxiliary Parameters section is now gone. Is this intentional?
I am using this on 9.2.1.8 to map some attributes so LDAP works, and I'm afraid if I don't have the ability to add options to my ldap.conf that I'm sort of screwed. Am I missing something?
Related: On 9.2.1.8, FreeNAS has "nss_override_attribute_value loginShell" set to a real shell, which is sort of annoying because it means that if I use LDAP so people can authenticate via Samba shares, that they could also ssh into the FreeNAS. I noticed that's not present in the defaults in 9.3 (as far as I can tell) which is nice because I can override it to /sbin/nologin to prevent people from ssh'ing in. Kudos for that (if it was on purpose).