When I do suEXEC type things, I need to get my valid uid/gid info from an LDAP server. The users on my system are not /real/ users.
Does anyone know of any sort of solutions for this? It seems like it's not too far out there to be useful for lots of people.
LDAP can replace /etc/passwd and /etc/groups on some unix machines. In the same way that NIS depends on /etc/nsswitch.conf to intercept OS system calls, LDAP uses nsswitch.conf for the same purpose. That said, I don't have a *reliable* example of /etc/nsswitch.conf to show you. There are aspects of that file I don't grok. Do a google search for 'single sign-on' and you should find some relevant material.
Good luck. I think that robust LDAP support under Unix could be the key to removing more Windows servers from the world. Cheers.
Re:This should be transparent
cwest on 2002-07-08T14:49:18
Yes, this works well on some Unix systems but nsdispatch with LDAP support does not exist for FreeBSD, the operating system I'm using. As it turns out, I just hacked suEXEC to have LDAP support.
*shrug*
Re:This should be transparent
Paddy on 2004-06-03T10:22:28
Hello,
i am interest in your suEXEC solution with LDAP.
can you help me?
