I've made some pretty good headway with LDAP. The Debian differences with other distributions concerning /etc/pam.d is ... fairly extreme.
Apparently most distros have settled on /etc/pam.d/system-auth as an overall authorization scheme. Debian has it scattered among several other files. common-account, common-auth, common-password, common-session ... then each program can have its own ... ssh, cvs, imap, etc.
Of course, it's possible to have an LDAP file and @include that file ... still, it makes for alot of files to edit.
I never did find any documentation on this point, so I've spent much of my time digging around /etc/pam.d.
But it's working now. And I learned alot. And I had fun doing it. So that's all that really matters.
Still, a nice Debian-based HowTo would've been mightily helpful ...
Posted from exitwound.org.
